Hi Team
I’m trying to do sonar scan using this sonarqube enterprise instance https://walprdrddoson01.rocketsoftware.com:9773/
it throws below error pls assist.
error.txt (8.2 KB)
Hi,
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The Java for the scanner is missing the certs / has the wrong certs in his truststore, means
the ssl certficate of your Sonarqube server can’t be validated.
Gilbert
The screenshot shows your browser, but the Sonar scanner doesn’t use the browser.
The browser shows that the certficate is valid, but the scanner must also be able to
validate it - otherwise javax.net.ssl.SSLHandshakeException.
So what exactly i need to change and also in which location or file ?
You’ll need to import the missing cert into the truststore/keystore of the Java your scanner runs on, ususally …/lib/security/cacerts
Something like that (If your organisation has its own CAs (certification authority) you need to import their certs.)
-
browser open a HTTPS connection to your Sonarqube server
-
press F12 to open browser dev tools
-
choose ‘Security’ tab
-
choose ‘view certificate’
-
in certificate details choose ‘Details’ tab
-
choose ‘Export’, file format should be *.pem, *.crt
-
save the file, i.e. SONAR.crt
-
use Java keytool to import it into your Java keystore (default …/lib/security/cacerts)
keytool -import -trustcacerts -alias foobar -file SONAR.crt -keystore cacerts
Helpful tools / links
KeyStore Explorer for checking and editing of the java keystore (if you prefer that over keytool CLI)
It’s also possible to check the validity via ‘Examine ssl’ instead of using SSLPoke.
SSLPoke for testing
Keytool commands
Gilbert
Thanks it worked.