Which certificates are needed for LDAPS configuration of SonarQube?

Hi,

I’m trying to set up 2 SonarQube servers, one running version 8.9.8.54436 LTS Enterprise edition and one running 9.4.0.54424 Enterprise edition.
Both systems are running on RHEL 8.5 and using OpenJDK version 11.0.15.
Both systems are configured to authenticate users against our internal AD using LDAP. This is working fine. But we need to migrate to LDAPS for security reasons.

So far I was not able to have a successful LDAPS connection against the internal AD.
Maybe it has to do with the certificates we have or don’t have in the Java truststore.

The company uses an internal root & intermediate CA for the domain, and all internal systems use certificates that are signed by this root CA and its intermediate CA.

Both the internal root CA and intermediate certificates are added to the Java truststore.
This might not be enough and we will probably need a server certificate in the truststore as well.

My question: which server certificate do we need? Is it the server certificate of the domain controller? Is it a server certificate of the SonarQube system?

In case of the latter I’m puzzled. We have a reverse proxy on a separate system that is handling SSL for the SonarQube systems. Is it the certificate used for the SSL connection that I need to add?

Or do I need to create specific server certificates for the SonarQubes? If so, how can I do this?

Kind regards,
Koenraad Vanhoutte

The Java installation that runs your SonarQube server will need to trust the certificate installed on your LDAP server.

I would suggest taking a look at this thread!
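
The point of the reply above, as an added example that is not part of the original thread: on an LDAPS connection the JVM validates the certificate presented by the LDAP server (here, the domain controller) against its trust anchors, so what must be trusted is the CA chain that issued that certificate, and the certificate of the SonarQube host or its reverse proxy plays no part. The script uses `openssl verify` as a stand-in for the JVM's path validation on a constructed PKI; the host names `dc01.corp.example` and `sonar.corp.example` and all file names are assumptions.

```shell
#!/bin/sh
# Added example: every key and certificate below is constructed test data.

# issue DIR NAME CN EXTFILE ISSUER: create NAME.key and NAME.pem in DIR for CN.
# ISSUER equal to NAME produces a self-signed certificate.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    if [ "$5" = "$2" ]; then
        openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" \
            -extfile "$1/$4" -days 2 -out "$1/$2.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.pem" -CAkey "$1/$5.key" \
            -CAcreateserial -extfile "$1/$4" -days 2 -out "$1/$2.pem" 2>/dev/null
    fi
}

# build_demo_pki DIR: root -> intermediate -> {domain controller, reverse proxy}
build_demo_pki() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$1/leaf.ext"
    issue "$1" root  'Constructed Root CA'         ca.ext   root  &&
    issue "$1" inter 'Constructed Intermediate CA' ca.ext   root  &&
    issue "$1" dc    'dc01.corp.example'           leaf.ext inter &&
    issue "$1" proxy 'sonar.corp.example'          leaf.ext inter &&
    cat "$1/root.pem" "$1/inter.pem" > "$1/root+inter.pem"
}

# chain_ok ANCHORS LEAF [SENT_BY_SERVER]: succeed when LEAF chains to a trust
# anchor in ANCHORS, optionally using extra certificates the server sent.
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
    fi
}

# Demo: the truststore contents decide the outcome, not the proxy certificate.
d=$(mktemp -d) && build_demo_pki "$d" || exit 1
chain_ok "$d/root+inter.pem" "$d/dc.pem" && echo "root + intermediate trusted: DC certificate accepted"
chain_ok "$d/root.pem" "$d/dc.pem" || echo "root only, DC sends no intermediate: rejected"
chain_ok "$d/proxy.pem" "$d/dc.pem" || echo "only the proxy certificate trusted: rejected"
rm -rf "$d"
```

Against a real directory server, the chain it presents can be captured with `openssl s_client -connect <host>:636 -showcerts` and the truststore contents listed with `keytool -list -v -keystore <truststore>`.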