Currently I’m using sonar-scan-cli-docker to scan our Python project as following.
docker run -e SONAR_HOST_URL=https://an.internal.server -it -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli
It raised error saying
ERROR: SonarQube server [https://an.internal.server] can not be reached
I checked some threads with similiar issues sonarqube-server-cannot-be-reached and sonarqube-server-can-not-be-reached-error, it says we need to add certificate into JAVA certificate trust store.
I cloned the whole project sonar-scan-cli-docker and want to do the change myself. I found inside the image,
sonar-scanner(/opt/sonar-scanner) shipped a
JRE(/opt/sonar-scanner/jre) with it. But inside the
JRE there’s no
keytool which imports the certificate to JAVA trust store.
Here’s what I found from internet(just for reference).
keytool -import -alias your-alias -keystore cacerts -file certificate.der
So the question is how to add certificate, if
keytool cannot be found in
JRE shipped with
I’m very new to Java. Thanks for advise.
SonarQube Scanner 220.127.116.113
Welcome to the community! One solution could be to extend the docker image to build your own, with
keytool installed and your
keystore customized. Another option could be to build your own
keystore outside the docker image, and bind it in the jre folder.
Thanks for the reply!
I finally get it done by
build my own keystore outside the image and bind it.
I’m NOT quite sure, but during the process I tried different
keytool from different JRE versions and different platforms(Mac, Linux), seems the
cacerts(keystore) created doesn’t all work.
E.g. I use the
keytool in my Mac to create the
cacerts. But it doesn’t work. Then I switch to a Linux, and use the
keytool there, then the
cacerts created works.
Just FYI~, incase anyone else met same issue.
great, thanks for sharing the solution! Indeed, it make sense to use the same
keystore as the target. SonarQube base image is openjdk:slim, which is debian-based.
Hi, I am facing same issue. How did you fix it? I am trying to run the sonarscanner in CI job pipeline and getting this error. How do i import my local server cert to sonarscanner-cli docker image