Sonarqube https and certificates


(Anders Grund) #1

We are using a company trusted root CA certifcate for our sonarqube server.
we can’t run sonar build analysis without adding the sonarqube certificate to the java truststore.
(We have pretty many buildservers and multiple java versions), so it’s some administration

If we have an external trusted CA certificated from i.e godaddy.
will our buildserver then be able to connect with https to sonar server, without adding the sonar server cert to the java trust store ?


(Eugene Dubrovka) #2

We have a wildcard certificate from godaddy with * Sonarqube is reversed proxied with (with valid certificate) to And we have no issues accessing sonarqube over https from anywhere: dev machines, maven builds, browsers, docker images, etc.

(Anders Grund) #3

Ok, thanks!
Now we have a godaddy cert, but still i get these error on our buildserver running maven sonar:sonar goal
[ERROR] SonarQube server xxx can not be reached
PKIX path building failed: unable to find valid certification path to requested targe

However sonarlint in Intellij running on this server works now anyway.

(Anders Grund) #4

There was an issue with the Godaddy cert, now it has 3 different entrys in the certificate chain.
so now openssl s_client -showcerts -connect >hostname>:443 works!

However mvn sonar:sonar from buildserver still fails, will create a bug report for that.