SonarQube Enterprise Server can not be reached through sonar-scanner

Hi Team

I’m trying to do sonar scan using this sonarqube enterprise instance https://walprdrddoson01.rocketsoftware.com:9773/

it throws below error pls assist.

error.txt (8.2 KB)

Hi,

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The Java for the scanner is missing the certs / has the wrong certs in his truststore, means
the ssl certficate of your Sonarqube server can’t be validated.

Gilbert

The screenshot shows your browser, but the Sonar scanner doesn’t use the browser.
The browser shows that the certficate is valid, but the scanner must also be able to
validate it - otherwise javax.net.ssl.SSLHandshakeException.

So what exactly i need to change and also in which location or file ?

You’ll need to import the missing cert into the truststore/keystore of the Java your scanner runs on, ususally …/lib/security/cacerts

Something like that (If your organisation has its own CAs (certification authority) you need to import their certs.)

  1. browser open a HTTPS connection to your Sonarqube server

  2. press F12 to open browser dev tools

  3. choose ‘Security’ tab

  4. choose ‘view certificate’

  5. in certificate details choose ‘Details’ tab

  6. choose ‘Export’, file format should be *.pem, *.crt

  7. save the file, i.e. SONAR.crt

  8. use Java keytool to import it into your Java keystore (default …/lib/security/cacerts)
    keytool -import -trustcacerts -alias foobar -file SONAR.crt -keystore cacerts

Helpful tools / links

KeyStore Explorer for checking and editing of the java keystore (if you prefer that over keytool CLI)
It’s also possible to check the validity via ‘Examine ssl’ instead of using SSLPoke.

SSLPoke for testing

Keytool commands

Gilbert

Thanks it worked.