SonarQube not starting after updating Java truststore

Hello Team,

I’m using SonarQube v9.9, connecting to a Postgres instance, version 11.22, hosted on Amazon in the US East 1 region.
Since Amazon is rotating their RDS certs, we updated the Postgres instance with the global cert bundle provided by Amazon.
On the Sonar app server, we updated the Java truststore, and we could see that all the certs are imported correctly.

In the Sonar properties file, we provided sslmode=verify-full for the JDBC connection.
But when Sonar is started, the service fails with the below error:
Caused by: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Could you please help us in fixing this issue?
Attached logs:
sonar logs.txt (21.4 KB)

Hey there.

The error message pretty much makes clear that, with the certs available in its trust store, SonarQube cannot trust your database server. This could mean…

  • The certs weren’t installed correctly
  • The Java installation booting up SonarQube isn’t using the certs you think it is (or isn’t the Java installation you think it is)
  • Something is wrong with the certs installed on the target server

Out of curiosity, does verify-ca work? See the Postgres SSL docs for the difference.
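
One way to test the second possibility in the list above (the JVM not reading the truststore the certs were imported into), as an added example that is not part of the original thread. It follows the JSSE default lookup order (`-Djavax.net.ssl.trustStore`, then `lib/security/jssecacerts`, then `lib/security/cacerts` under the Java home); the function names `resolve_truststore` and `check_import` are hypothetical, a Java 9+ directory layout is assumed, and the demo directories are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes a Java 9+ layout, where the
# default trust stores live under <java.home>/lib/security.
# On a real host, JAVA_HOME and the JVM arguments can be taken from the running
# process (/proc/<pid>/exe and /proc/<pid>/cmdline) rather than from $PATH.

# Print the trust store file JSSE will load by default.
# usage: resolve_truststore JAVA_HOME [jvm-arg ...]
resolve_truststore() {
  local java_home=$1 arg store=""
  shift
  for arg in "$@"; do
    case $arg in
      # If the property is repeated, the last occurrence wins.
      -Djavax.net.ssl.trustStore=*) store=${arg#*=} ;;
    esac
  done
  if [ -z "$store" ]; then
    # No override: jssecacerts is preferred over cacerts when it exists.
    if [ -f "$java_home/lib/security/jssecacerts" ]; then
      store=$java_home/lib/security/jssecacerts
    else
      store=$java_home/lib/security/cacerts
    fi
  fi
  printf '%s\n' "$store"
}

# Return 0 if the store the certificates were imported into is the one the
# JVM will read; otherwise explain the mismatch on stderr and return 1.
# usage: check_import IMPORTED_STORE JAVA_HOME [jvm-arg ...]
check_import() {
  local imported=$1 used
  shift
  used=$(resolve_truststore "$@")
  if [ ! -f "$used" ]; then
    echo "JVM trust store $used does not exist" >&2; return 1
  fi
  if [ "$imported" -ef "$used" ]; then  # same file, symlinks followed
    return 0
  fi
  echo "imported into $imported, but the JVM reads $used" >&2
  return 1
}

# Constructed demo: two fake Java homes, certs imported into the wrong one.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/jdk-a/lib/security" "$demo_root/jdk-b/lib/security"
touch "$demo_root/jdk-a/lib/security/cacerts" "$demo_root/jdk-b/lib/security/cacerts"
check_import "$demo_root/jdk-a/lib/security/cacerts" "$demo_root/jdk-b" -Xmx512m \
  || echo "mismatch detected"
```

Once the store is confirmed, `keytool -list -keystore <that file>` shows whether the imported CA entries are actually in it.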