Update Center error with SonarQube CE 9.9.2 and 9.9.3

defantia · November 21, 2023, 11:05am

which versions are you using : SonarQube CE 9.9.x (with JRE Temurin-17.0.5+8)
how is SonarQube deployed : zip
what are you trying to achieve :
Using “Marketplace” screen and plugins updates

After updating SonarQube CE 9.9.1 to SonarQube CE 9.9.2, the plugins section of the Marketplace screen doesn’t work properly (

and there is a certificate error in the logs :
Logs_Extract.txt (17.5 KB)
The same problem occurs with SonarQube CE 9.9.3 and it disappears when we return to version SonarQube CE 9.9.1

What should be done to correct the MarketPlace problem encountered with SonarQube CE 9.9.2 and SonarQube CE 9.9.3 ?

Colin · November 21, 2023, 12:47pm

Hey there.

I can reproduce this (with openjdk 17.0.9, for what it’s worth) – 9.9.1 works, but 9.9.3 doesn’t. I’ll flag this for attention.

wojtek.wajerowicz · November 21, 2023, 3:42pm

Hi @defantia,

Do you use any proxy to tunnel your traffic that’s using custom certificates?
If yes, then you’ll need to add those certificates to the truststore of the JVM.

defantia · November 21, 2023, 6:33pm

Yes, we use a proxy and company certificates are added to the truststore of the JVM in SonarQube config file :
sonar.web.javaOpts=… - Djavax.net.ssl.trustStore=/…/myfile.jks
sonar.ce.javaOpts=… -Djavax.net.ssl.trustStore=/…/myfile.jks
sonar.search.javaOpts=… -Djavax.net.ssl.trustStore=/…/myfile.jks

It’s the same config file for SonarQube CE 9.9.1, 9.9.2 and 9.9.3. It’s work perfectly with SonarQube CE 9.9.1 but not with 9.9.2 and 9.9.3.

wojtek.wajerowicz · November 27, 2023, 9:04am

I’m still trying to investigate and reproduce the issue.
I’ll reply here when I have some findings.

defantia · November 29, 2023, 8:51pm

Hi,
Colin said he was able to reproduce the problem. Is it possible to see with him ?

In addition, the myfile.jks file contains my company’s certificates, but not the update.sonarsource.org certificate.