waitForQualityGate() unable to find cert path in Jenkins pipeline

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube: 8.2
    Scanner: 4.2.0.1873
    Plugin: 2.8.1

  • what are you trying to achieve
    I am trying to implement the waitForQualityGate() stage in my Jenkins build and deploy pipeline. It currently errors out with: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  • what have you tried so far to achieve this
    We have a cacerts file containing our sonarqube server cert stored under the sonar-scanner ssl directory like so: /sonar-scanner/ssl/cacerts. I’ve attempted to export (via sh "export ..." in the Jenkinsfile) JAVA_OPTS=-Djavax.net.ssl.trustStore=/sonar-scanner/ssl/cacerts -Djavax.net.ssl.trustStorePassword=passwordhere in hopes that it’d be picked up, but that didn’t seem to help. I also tried using Jenkins’ withEnv() to set that, but the waitForQualityGate() continues to not pick up these environment vars.

I also attempted to set -Djavax.net.debug=ssl,handshake to produce some debugging information for me to look at, but the code performing the gate checks doesn’t want to pick that option up either.

Is there something else I need to set or configure in order for waitForQualityGate() to reference the cacerts file I want it to reference as well as java options I configure within the stage?

Looks like this is sorted out now. The certificate that our Sonar server was presenting was not presenting our company root/intermediate certs. After adding those to our Sonar server cert chain, we’re able to connect.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.