[SonarQube Developer edition] Error in Integrating SonarQube with github enterprise

@stacey.geng
Must-share information

  • which versions - SonarQube Developer Edition Version 9.9.3 (build 79811)
  • how is SonarQube deployed - zip
  • what are you trying to achieve - We are trying to integrate SonarQube Developer Edition with GitHub Enterprise Server 3.8.10
  • what have you tried so far to achieve this - We created a GitHub App and created a configuration in the SonarQube web page, but when we click on Check configuration, it shows an error: "Failed to validate configuration, check URL and Private Key".
    Further, I tried to reconfirm that all the details are correct. Also, we have hosted SonarQube on a local server. Please help in resolving the issue.
    Pasting the logs below, as I was not able to attach the file or image:
    2024.03.29 09:45:55 WARN web[o.s.a.c.g.GithubApplicationClientImpl] Failed to request https://github.xyzorg.net/api/v3/app
    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)

Let me suggest taking SonarQube out of the equation entirely and using a tool like SSLPoke to test the Java distribution that's starting your SonarQube server and whether it is able to make the connection to your GitHub Enterprise server with what it has in its trust store.

Likely you’ll need to adjust the truststore of that Java install. This is a common problem when a server SonarQube is trying to reach is using a self-signed certificate.

@Colin Thanks for your suggestion, Colin. I ran the SSLPoke test and it returned "successfully connected". After that I restarted SonarQube and tried to validate the setting, but it's returning the same error, as shown in the logs below:
2024.04.02 15:01:15 WARN web[o.s.a.c.g.GithubApplicationClientImpl] Failed to request https://github.xyzorg.net/api/v3/app
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl
But I have one question for you: how can I generate a self-signed certificate and install it on my SonarQube server? My SonarQube server is running on HTTP.

This has everything to do with the certificate on your GitHub server – not the one on your SonarQube server (meaning that even if your SonarQube server is being served over HTTP, that isn’t at play here).

Is it possible you have multiple versions of Java installed on your SonarQube server? Are you sure the one that was used to run SSLPoke is the same as the one that's running your SonarQube server? You should be able to check the location of this Java install under the global Administration > System.

@Colin Thanks for your valuable insights, Colin. I rechecked Java as you suggested, and yes, the Java used by SonarQube was different from the one appearing as default. Then I followed your suggestion to install the certificate (adjusting the truststore to add the certificate), and the issue is resolved.

1 Like
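
The check that resolved this thread, as an added example that is not part of the original posts: given the java binary used for the SSLPoke test and the one shown under Administration > System, it reports whether both read the same default truststore. The function names, the `ghe-ca` alias and the `<ca-cert.pem>` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Unix-like host with `readlink -f`.
# Usage: sh truststore_check.sh <java used for SSLPoke> <java shown in Administration > System>

# Print the Java home for a java binary, following symlinks such as /usr/bin/java.
java_home_of() {
  jh_bin=$(readlink -f "$1") || return 1
  [ -x "$jh_bin" ] || return 1
  dirname "$(dirname "$jh_bin")"
}

# Print the default truststore of a Java home: lib/security/cacerts (Java 9+ or a
# standalone JRE) or jre/lib/security/cacerts (Java 8 JDK). Symlinked cacerts files
# are resolved, because some distributions point several JDKs at one shared file.
truststore_of() {
  for ts_p in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
    [ -f "$ts_p" ] && { readlink -f "$ts_p"; return 0; }
  done
  return 1
}

# Return 0 if both java binaries read the same default truststore, 1 if they
# differ, 2 if either one cannot be resolved.
same_truststore() {
  st_a=$(java_home_of "$1") && st_a=$(truststore_of "$st_a") || return 2
  st_b=$(java_home_of "$2") && st_b=$(truststore_of "$st_b") || return 2
  [ "$st_a" = "$st_b" ]
}

if [ "$#" -eq 2 ]; then
  same_truststore "$1" "$2"
  case $? in
    0) echo "Both JVMs use $st_a" ;;
    1) echo "Different truststores: the test JVM uses $st_a"
       echo "SonarQube's JVM uses $st_b; import the GitHub Enterprise CA there, e.g.:"
       # ghe-ca and <ca-cert.pem> are placeholders, not values from the thread.
       echo "  keytool -importcert -alias ghe-ca -file <ca-cert.pem> -keystore \"$st_b\"" ;;
    *) echo "Could not resolve one of the java paths" >&2; exit 2 ;;
  esac
fi
```

A JVM started with `-Djavax.net.ssl.trustStore=...` reads that file instead of the default `cacerts`, so check the SonarQube JVM options as well when the paths match but the handshake still fails.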
