Type of SSL certificate on UNABLE_TO_VERIFY_LEAF_SIGNATURE (Azure DevOps 2020)

SonarQube Version: Community Edition Version 8.6 (build 39681)

Hi everyone,
I have a question concerning the kind of certificate that has to be used when connecting my SonarQube Server with our Azure DevOps 2020 Server (both on-premise).

We used to set up the SonarQube Endpoint on our DevOps Server via http and used the extension pipeline tasks.
The version of the SonarQube Extension is 4.17.0.
And with this configuration everything worked fine.

Now, we changed the connection to an SSL-based one using "https" URLs. We had to do so based on a company policy. We did so on the SonarQube Server and the DevOps Server using certificates. The connection itself works (both web servers are running and can be connected). We did a reverse proxy on the SonarQube Server using this link:

But, when preparing the analysis in the DevOps pipeline we are getting this exception:
##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}

On an internet and community search I see that this has happened before without completely answering what the solution is. It seems that it has to do with maybe some incorrect certificates like suggested here (where the thread owner has the same problem):

So my main questions are:
Does the certificate on one of the servers have to be a special type of certificate? (This basically was the question I got from our IT department, who also can't find the problem)
Does the DevOps Build Agent where the code is built and analyzed also have a certificate?

For any further information you may need, just ask.
Thanks in advance for any help.

Regards
Claudius

Hi,

I am facing the exact same issue on Azure DevOps Server 2019. Running SonarQube Community Edition - Version 8.9.2 (build 46101). Both are also on-premise.
Did you find the solution?

Thanks !

Hello @Monsi,

The solution was rather simple. We used an SSL wildcard certificate within the SonarQube Server itself (given by our IT department). By using this, pretty much all endpoints are accepted.
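
Added example, not part of the original thread: UNABLE_TO_VERIFY_LEAF_SIGNATURE is the OpenSSL/Node.js verification result for a leaf certificate whose issuer certificate cannot be found, so this Node.js sketch reads the chain a server presents and names the first missing issuer. `summarizeChain`, `probe`, `SONAR_HOST` and the sample certificate values are assumptions made for this example.

```javascript
// Added diagnostic example; not code from the thread or from SonarQube.
// Walks the object returned by tlsSocket.getPeerCertificate(true) and reports
// whether the chain the server presented leads to a self-signed root.
function summarizeChain(leaf) {
  const chain = [];
  const seen = new Set();
  let cert = leaf;
  while (cert && cert.fingerprint256 && !seen.has(cert.fingerprint256)) {
    seen.add(cert.fingerprint256);
    chain.push({
      subject: cert.subject.CN,
      issuer: cert.issuer.CN,
      sans: cert.subjectaltname || '',
    });
    cert = cert.issuerCertificate; // a self-signed root points back at itself
  }
  // Loop ended on an already-seen certificate => reached a self-signed root.
  const complete = Boolean(cert && cert.fingerprint256 && seen.has(cert.fingerprint256));
  const last = chain[chain.length - 1];
  return { chain, complete, missingIssuer: complete || !last ? null : last.issuer };
}

// Constructed sample: a leaf served without its issuing CA certificate.
function constructedBareLeaf() {
  return { subject: { CN: 'sonarqube.example.internal' }, issuer: { CN: 'Constructed Issuing CA' },
           fingerprint256: 'AA:01', subjectaltname: 'DNS:sonarqube.example.internal' };
}

// Connects, reads the verification result and the presented chain, sends nothing.
async function probe(host, port = 443) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    // rejectUnauthorized:false is set only so the handshake finishes and the
    // chain can be inspected; verification results are still recorded.
    const opts = { host, port, servername: host, rejectUnauthorized: false };
    const socket = tls.connect(opts, () => {
      const summary = summarizeChain(socket.getPeerCertificate(true));
      resolve({ authorizationError: socket.authorizationError || null, ...summary });
      socket.end();
    });
    socket.once('error', reject);
  });
}

// SONAR_HOST is a hypothetical variable name chosen for this example.
if (process.env.SONAR_HOST) {
  probe(process.env.SONAR_HOST).then((r) => console.log(JSON.stringify(r, null, 2)), console.error);
}
```

Run it on the build agent with `SONAR_HOST` set to the SonarQube host name; a non-null `missingIssuer` together with `authorizationError` set to `UNABLE_TO_VERIFY_LEAF_SIGNATURE` points at an intermediate certificate the server or reverse proxy is not sending.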