We are using a company trusted root CA certifcate for our sonarqube server.
we can’t run sonar build analysis without adding the sonarqube certificate to the java truststore.
(We have pretty many buildservers and multiple java versions), so it’s some administration
If we have an external trusted CA certificated from i.e godaddy.
will our buildserver then be able to connect with https to sonar server, without adding the sonar server cert to the java trust store ?
We have a wildcard certificate from godaddy with *.dev.domain.com. Sonarqube is reversed proxied with https://sonar.dev.domain.com:443 (with valid certificate) to http://vm-sonar.company.intra:9000. And we have no issues accessing sonarqube over https from anywhere: dev machines, maven builds, browsers, docker images, etc.
Now we have a godaddy cert, but still i get these error on our buildserver running maven sonar:sonar goal
[ERROR] SonarQube server xxx can not be reached
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe
However sonarlint in Intellij running on this server works now anyway.
There was an issue with the Godaddy cert, now it has 3 different entrys in the certificate chain.
so now openssl s_client -showcerts -connect >hostname>:443 works!
However mvn sonar:sonar from buildserver still fails, will create a bug report for that.