...unable to find valid certification path to requested target

  • Operating system: Windows 10 Enterprise
  • SonarLint plugin version: 3.7.0
  • Is connected mode used:
    • Connected to SonarQube: Version 9.5 (build 56709)

Description
Since Version 3.6.0 i am getting the following error:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I also did the SSLPoke check which worked out well.
I think the error is connected to the newly introduced “Connected mode”.
When switching back to v3.5.4, everything works fine…

Thank you for your efforts and the awesome product.

Kind regards
Stefan

Hello, welcome to the community! And thanks for your feedback.

Connected mode is not really a new feature :wink: however what is new in 3.7 is that we now embed our own JRE (on Windows, Linux and macOS).

My hypothesis is that you ran the SSLPoke test with the “public” JRE that is installed on your machine and that probably has some internal root certificate (or a different set of enabled crypto algorithms).

For investigation purposes, would it be possible for you to run the SSLPoke test with the extension’s JRE instead? On Windows, it should be located somewhere like %USERPROFILE%\.vscode\extensions\sonarsource.sonarlint-vscode-3.7.0-win32-x64\jre\17.0.3-win32-x86_64.tar\bin\java.exe.

One possible workaround would be to download the “Universal” VSIX from the extension page and use your machine’s public JRE instead of the one embedded in the Windows-specific VSIX.

Screenshot from 2022-07-27 13-12-54

had the same problem, I didn’t notice that it now comes with it’s own jre (I had the setting active that points to my “normal” JRE/JDK installation but it does not seem to affect this problem).

What I did to fix it was grab the cacerts of my normal installation and overwrite the one that the packaged version comes with. Seems to to the trick and now the connected mode is working again :slight_smile:

2 Likes