I cloned the whole project sonar-scan-cli-docker and want to make the change myself. I found that inside the image, sonar-scanner (/opt/sonar-scanner) ships a JRE (/opt/sonar-scanner/jre) with it. But inside the JRE there’s no keytool, which imports the certificate into the Java trust store.
Here’s what I found on the internet (just for reference).
Welcome to the community! One solution could be to extend the docker image to build your own, with keytool installed and your keystore customized. Another option could be to build your own keystore outside the docker image, and bind it in the jre folder.
I finally got it done by building my own keystore outside the image and binding it.
I’m NOT quite sure, but during the process I tried different keytools from different JRE versions and different platforms (Mac, Linux), and it seems the cacerts (keystore) files created don’t all work.
E.g. I used the keytool on my Mac to create the cacerts, but it didn’t work. Then I switched to Linux and used the keytool there, and the cacerts created there works.
Great, thanks for sharing the solution! Indeed, it makes sense to use the same keystore as the target. The SonarQube base image is openjdk:slim, which is Debian-based.
Hi, I am facing the same issue. How did you fix it? I am trying to run the sonarscanner in a CI job pipeline and am getting this error. How do I import my local server cert into the sonarscanner-cli docker image?
Hi, I am using the latest sonar-qube-cli docker and have run into the same problem. It seems that the image has changed since this topic was written. The keytool is now available in the image.
I tried to add the needed certs by using
I get asked for a password I do not know. I am pretty new to Java, Docker and certs handling.
My questions now:
Am I on the right path to add my certificates?
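The approach from earlier in the thread (build the keystore outside the image and bind it), written out as an added example that is not part of any post above and not the project's own tooling. It uses the image's own keytool so the store format matches the target JRE. The image name, the `lib/security/cacerts` sub-path, keytool being on the image's PATH, and the stock JDK store password `changeit` are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions, not from the thread: the image name, the cacerts
# sub-path, keytool on PATH in the image, the stock store password "changeit".
IMAGE="${IMAGE:-sonarsource/sonar-scanner-cli}"
STORE="${STORE:-/opt/sonar-scanner/jre/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Succeeds only if the file holds exactly one PEM certificate and no private key.
is_single_pem_cert() {
    [ -r "$1" ] || return 1
    if grep -q 'PRIVATE KEY-----' "$1"; then return 1; fi
    [ "$(grep -c '^-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] &&
        [ "$(grep -c '^-----END CERTIFICATE-----' "$1")" -eq 1 ]
}

# Print a command, and execute it unless DRY_RUN=1.
run() {
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# in_image WORKDIR TOOL ARGS...: run TOOL from the image with WORKDIR at /work,
# as the calling user so the files written there stay owned by that user.
in_image() {
    w=$1; tool=$2; shift 2
    run docker run --rm --user "$(id -u):$(id -g)" -v "$w:/work" \
        --entrypoint "$tool" "$IMAGE" "$@"
}

# build_truststore CERT ALIAS WORKDIR (WORKDIR must be an absolute path).
# Copies the image's cacerts out, imports CERT with the image's own keytool so
# the store format matches the target JRE, then prints the bind-mount option.
build_truststore() {
    cert=$1; alias_name=$2; work=$3
    is_single_pem_cert "$cert" || { echo "not a single PEM cert: $cert" >&2; return 2; }
    run mkdir -p "$work" && run cp "$cert" "$work/ca.pem" || return 1
    in_image "$work" cp "$STORE" /work/cacerts || return 1
    run chmod u+w "$work/cacerts" || return 1
    in_image "$work" keytool -importcert -noprompt -trustcacerts \
        -alias "$alias_name" -file /work/ca.pem \
        -keystore /work/cacerts -storepass "$STOREPASS" || return 1
    echo "add to the scanner's docker run: -v $work/cacerts:$STORE:ro"
}

if [ "$#" -eq 3 ]; then build_truststore "$@"; fi
```

Run it with `DRY_RUN=0` to execute the printed commands; the read-only mount keeps the scan itself from modifying the trust store.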