Currently I’m using sonar-scan-cli-docker to scan our Python project as follows.
docker run -e SONAR_HOST_URL=https://an.internal.server -it -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli
It raised an error saying
ERROR: SonarQube server [https://an.internal.server] can not be reached
I checked some threads with similar issues, sonarqube-server-cannot-be-reached and sonarqube-server-can-not-be-reached-error. They say we need to add the certificate into the JAVA certificate trust store.
I cloned the whole project sonar-scan-cli-docker and want to do the change myself. I found inside the image, sonar-scanner (/opt/sonar-scanner) shipped a JRE (/opt/sonar-scanner/jre) with it. But inside the JRE there’s no keytool which imports the certificate to JAVA trust store.
Here’s what I found on the internet (just for reference).
keytool -import -alias your-alias -keystore cacerts -file certificate.der
So the question is how to add the certificate, if keytool cannot be found in JRE shipped with
I’m very new to Java. Thanks for the advice.
SonarQube Scanner 220.127.116.113
Welcome to the community! One solution could be to extend the docker image to build your own, with keytool installed and your keystore customized. Another option could be to build your own keystore outside the docker image, and bind it in the jre folder.
Thanks for the reply!
I finally got it done by building my own keystore outside the image and binding it.
I’m NOT quite sure, but during the process I tried different keytool from different JRE versions and different platforms (Mac, Linux), and it seems the cacerts (keystore) created don’t all work.
E.g. I used the keytool on my Mac to create the cacerts. But it doesn’t work. Then I switched to Linux and used the keytool there, and the cacerts created works.
Just FYI, in case anyone else meets the same issue.
Great, thanks for sharing the solution! Indeed, it makes sense to use the same keystore as the target. SonarQube base image is openjdk:slim, which is debian-based.
Hi, I am facing the same issue. How did you fix it? I am trying to run the sonarscanner in a CI job pipeline and getting this error. How do I import my local server cert to the sonarscanner-cli docker image?
Hi, I am using the latest sonar-qube-cli docker and run into the same problem. It seems that the image has changed since this topic was written. The keytool is now available in the image.
I tried to add the needed certs by using
keytool -import -alias myCert -file myCert.cer -cacerts
I get asked for a password I do not know. I am pretty new to Java, Docker and certs handling.
My questions now:
Am I on the right path to add my certificates?
Any help is highly appreciated.
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /usr/src/sonar-project.properties
INFO: SonarScanner 18.104.22.16847
INFO: Java 11.0.15 Alpine (64-bit)
INFO: Linux 5.10.124-linuxkit amd64
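The approach that worked in this thread (build the truststore outside the image and bind it over the JRE's cacerts), as an added example that is not from any poster or from SonarSource. It assumes the in-image truststore sits at /opt/sonar-scanner/jre/lib/security/cacerts (standard JRE layout under the JRE path given above) and still has the stock Java password changeit; the alias internal-ca and the file name sonar-cacerts are placeholders.

```shell
#!/bin/sh
# Added example: start from the image's own cacerts, add the internal CA, bind it back.
DOCKER=${DOCKER:-docker}
KEYTOOL=${KEYTOOL:-keytool}
SCANNER_IMAGE="sonarsource/sonar-scanner-cli"
JRE_HOME="/opt/sonar-scanner/jre"                      # JRE location reported in the thread
TRUSTSTORE_IN_IMAGE="$JRE_HOME/lib/security/cacerts"   # assumed: standard JRE layout
STOREPASS="changeit"                                   # default password of a stock cacerts

# Copy the truststore out of the image so the edited file keeps the format
# that the bundled JRE already reads. $1 = output file on the host.
extract_truststore() {
  cid=$("$DOCKER" create "$SCANNER_IMAGE") || return 1
  rc=0
  "$DOCKER" cp -L "$cid:$TRUSTSTORE_IN_IMAGE" "$1" || rc=$?   # -L follows a symlinked cacerts
  "$DOCKER" rm "$cid" >/dev/null
  return "$rc"
}

# Add the CA certificate as a trusted entry. $1 = truststore, $2 = cert (PEM/DER), $3 = alias.
# The thread reports that stores written by some host keytool versions did not work,
# so run this with a keytool close to the image's Java version.
import_ca() {
  "$KEYTOOL" -importcert -noprompt -trustcacerts \
    -alias "$3" -file "$2" -keystore "$1" -storepass "$STOREPASS"
}

# Run the scan with the customized truststore bound read-only over the image's cacerts.
# $1 = absolute host path of the truststore, $2 = SonarQube URL.
run_scanner() {
  "$DOCKER" run --rm -e "SONAR_HOST_URL=$2" \
    -v "$PWD:/usr/src" \
    -v "$1:$TRUSTSTORE_IN_IMAGE:ro" \
    "$SCANNER_IMAGE"
}

# Usage: sh scan-with-ca.sh https://an.internal.server /path/to/internal-ca.pem
if [ "$#" -eq 2 ]; then
  set -e
  store="${TMPDIR:-/tmp}/sonar-cacerts"   # kept outside the project dir so it is not scanned
  extract_truststore "$store"
  import_ca "$store" "$2" internal-ca
  run_scanner "$store" "$1"
fi
```

Listing the entry afterwards with keytool -list -keystore on the same file and alias confirms the import before the scan is run.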