Update Center error with SonarQube CE 9.9.2 and 9.9.3

  • which versions are you using : SonarQube CE 9.9.x (with JRE Temurin-17.0.5+8)
  • how is SonarQube deployed : zip
  • what are you trying to achieve :
    Using “Marketplace” screen and plugins updates

After updating SonarQube CE 9.9.1 to SonarQube CE 9.9.2, the plugins section of the Marketplace screen doesn’t work properly (

and there is a certificate error in the logs :
Logs_Extract.txt (17.5 KB)
The same problem occurs with SonarQube CE 9.9.3 and it disappears when we return to version SonarQube CE 9.9.1

What should be done to correct the MarketPlace problem encountered with SonarQube CE 9.9.2 and SonarQube CE 9.9.3 ?

Hey there.

I can reproduce this (with openjdk 17.0.9, for what it’s worth) – 9.9.1 works, but 9.9.3 doesn’t. I’ll flag this for attention.

Hi @defantia,

Do you use any proxy to tunnel your traffic that’s using custom certificates?
If yes, then you’ll need to add those certificates to the truststore of the JVM.

Yes, we use a proxy and company certificates are added to the truststore of the JVM in SonarQube config file :
sonar.web.javaOpts=… - Djavax.net.ssl.trustStore=/…/myfile.jks
sonar.ce.javaOpts=… -Djavax.net.ssl.trustStore=/…/myfile.jks
sonar.search.javaOpts=… -Djavax.net.ssl.trustStore=/…/myfile.jks

It’s the same config file for SonarQube CE 9.9.1, 9.9.2 and 9.9.3. It’s work perfectly with SonarQube CE 9.9.1 but not with 9.9.2 and 9.9.3.

I’m still trying to investigate and reproduce the issue.
I’ll reply here when I have some findings.

Hi,
Colin said he was able to reproduce the problem. Is it possible to see with him ?

In addition, the myfile.jks file contains my company’s certificates, but not the update.sonarsource.org certificate.

Hi,
I solved the problem by adding the *.sonarsource.org and Gandi Standard SSL CA 2 certificates to the truststore of the JVM (in my case, the myfile.jks file) and now the plugins section of the Marketplace screen works correctly in SonarQube CE 9.9.3.

1 Like

Hi,
There have been some changes on the SonarQube update site and I had to replace the certificates in my previous answer by the certificats :

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.