Unable to get trusted Cert for website

linzwelch · February 14, 2023, 6:57pm

Currently running a self-hosted(non internet connected) Sonarqube Enterprise 9.9.0/Postgres:13 on RHEL 7.9 with Docker 19.03.9/Docker-Compose 2.11.0
I have tried self signed certs and certs generated from a CA (.pem,.cer,.crt) and adding them to the keystore based off Install the server documentation. None of them have been successful in getting a “trusted cert” “Green lock” when navigating to the URL. IThis is important as sonarqube is not able to connect to our bitbucket due to untrusted cert " unable to find valid certification path to requested target"

Any instruction on how to properly install the certs with commands and type of cert would be beneficial.
The following is the docker-compose file I am using.

version: "3"
services:
  sonarqube:
    image: sonarqube_enterprise:9.9.0
    restart: on-failure
    hostname: sonarqube001
    container_name: sonarqube
    depends_on:
      - db
    environment:
      SONAR_CORE_SERVERBASEURL:  https://sonarqube001.dev.local
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
      SONAR_LOG_LEVEL_APP: INFO
      SONAR_LOG_LEVEL_WEB: DEBUG
      SONAR_LOG_LEVEL_CE: INFO
      SONAR_LOG_LEVEL_ES: INFO
      SONAR_SECURITY_REALM: LDAP
      
    volumes:
      - /opt/sonarqube/certs/cacerts:/usr/lib/jvm/java-11-openjdk/lib/security/cacerts:ro
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      - "9000:9000"

  db:
    image: postgres:13
    restart: on-failure
    hostname: postgresql
    container_name: postgresql
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
      POSTGRES_DB: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data 
    ports:
      - "5432:5432"
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:

Colin · February 17, 2023, 9:46am

Hey there.

As noted in the Upgrade Notes

Docker images updated

If you use self-signed certificates, you may need to adjust your Docker configuration: the path of the Java installation has changed to /opt/java/openjdk/. See Install the server for more information.

linzwelch · February 22, 2023, 4:05pm

Thanks however that didnt work. I have gone through the official install guides as well as several different Forums on here and they all produce the same issue.
I am looking for possible different solutions that i might be able to try to get it working.

Colin · February 23, 2023, 9:57am

Hey there.

You’ll have to detail the exact steps you took, what error messages you stopped/started receiving, screenshots, etc.

Take note that these two things are unrelated – browsing SonarQube over HTTPS (properly) which would require adding a reverse proxy to your Docker Compose configuration, and connecting to GitLab (which requires your certs are installed for the SonarQube server) are two different problems to solve.