Wanting to connect Sonarqube into CI/CD pipeline in Gitlab

Hello All,
I am trying to establish a link between SonarQube and GitLab, however, I have been rather unsuccessful. To give some context on the situation, we self-host GitLab, as well as loaded SonarQube in a docker. I got SonarQube’s docker container running then navigated to it online. However, now I am unable to link any projects. I end up getting the personal access token created with the correct scope. Then I submit my API URL link which I believe is mydomain.com/api/v4. It returns with the error, "could not validate GitLab URL. got an unexpected answer". Now when I go back to link GitLab and its projects I get only one text field that asks for "Enter personal access token" but it immediately errors out and says "The request cannot be processed. Try again later." I’ve been on this project now for a while and I can’t seem to get it. I’d really appreciate some assistance. Thanks!

Hey there.

I would suggest bumping your Log Level up to TRACE (Global Administration > System > Log Level) and checking the web process logs for more details about what’s being returned by the GitLab URL.

Also, as mentioned in the template post, please let us know what version of SonarQube you’re using!

Hi Collin,

Sorry about that. I am using the latest version of SonarQube which is 10.0.0.68432. I am checking the web logs and it says

Gitlab API call to [https://mygitdomain.com/api/v4/projects] failed with error message : [PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

It looks like your Gitlab server probably uses a self-signed certificate which can’t be trusted by the trust store that the Java installation hosting your SonarQube server uses.

Take a look at the documentation of Self Signed Certificates of DevOps Platforms!

Hi Collin,

Sorry for the late reply! So I ended up setting up a java store key file and then adding this below to my sonar.properties conf. file.

sonar.web.https.port=<https_port_number>
sonar.web.https.keyAlias=<certificate_alias>
sonar.web.https.keystoreFile=<path_to_keystore>
sonar.web.https.keystorePass=<keystore_password>

Now I have my logs showing this when I go to link the projects in our on prem self hosted gitlab, up to date.

at java.base/java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at java.base/sun.security.validator.Validator.validate(Unknown Source)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 177 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
	at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)


Is there anything else I need to add or what am I missing exactly! Thanks in advance!

None of these parameters have any effect. Where did you find them?

And, if you want to pass a custom truststore to the Web process instead of adjusting the Java installation (-Djavax.net.ssl.trustStore=trustStore.keystore -Djavax.net.ssl.trustStorePassword=changeit), you can pass it into sonar.web.javaOpts or sonar.web.javaAdditionalOpts in the conf/sonar.properties file. This will require a server restart to take effect…
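
The custom trust store route from the reply above, as an added shell example that is not part of the original thread or SonarQube's own tooling. The function names, the `gitlab-ca` alias and the file paths are hypothetical; it assumes `JAVA_HOME` points at the JDK that runs SonarQube and that the GitLab CA certificate was obtained from the GitLab administrator as a PEM file.

```shell
#!/bin/sh
# Added example, not from the thread. Alias, password and paths are placeholders.

# Copy the JDK default trust store and add the GitLab CA to the copy.
# -Djavax.net.ssl.trustStore replaces the default store, so starting from
# cacerts keeps public CAs trusted. "changeit" is the default cacerts password.
# $1 = CA certificate (PEM, obtained from the GitLab admin), $2 = new store path
build_truststore() {
    cp "$JAVA_HOME/lib/security/cacerts" "$2" || return 1
    keytool -importcert -noprompt -alias gitlab-ca -file "$1" \
        -keystore "$2" -storepass changeit
}

# Count the sonar.web.https.* keys from the thread in a sonar.properties file;
# the reply says they have no effect, so they cannot fix the PKIX error.
count_ineffective_keys() {
    grep -c '^sonar\.web\.https\.' "$1" || true
}

# Succeed only if the web JVM options already name a trust store.
has_truststore_opt() {
    grep -Eq '^sonar\.web\.java(AdditionalOpts|Opts)=.*-Djavax\.net\.ssl\.trustStore=' "$1"
}

# Set sonar.web.javaAdditionalOpts idempotently. This replaces any existing
# value of that key, so merge other options by hand.
# $1 = sonar.properties, $2 = store path, $3 = store password
set_truststore_opts() {
    tmp="$1.tmp.$$"
    grep -v '^sonar\.web\.javaAdditionalOpts=' "$1" > "$tmp" || true
    printf 'sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s\n' \
        "$2" "$3" >> "$tmp"
    mv "$tmp" "$1"
}

# Usage: sh trust-gitlab.sh <gitlab-ca.pem> <truststore> <sonar.properties>
# then restart SonarQube so the web process picks up the new options.
if [ "$#" -eq 3 ]; then
    build_truststore "$1" "$2" && set_truststore_opts "$3" "$2" changeit
fi
```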

Hi Colin,
I don’t remember where I had got them, I believe some forums page. I will try a different way, thanks for the response!