Which certificates are needed for LDAPS configuration of Sonarqube?

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this


I’m trying to setup 2 Sonarqube servers, one running version LTS Enterprise edition and one running Enterprise edition.
Both systems are running on RHEL 8.5 and using OpenJDK version 11.0.15.
Both systems are configured to authenticate users against our internal AD using LDAP. This is working fine. But we need to migrate to LDAPS for security reasons.

So far I was not able to have a successful LDAPS connection against the internal AD.
Maybe it has to do with the certificates we have or don’t have in the java truststore.

The company uses an internal root & intermediate CA for the domain, and all internal systems use certificates that are signed by this root CA and its intermediate CA.

Both the internal root CA and intermediate certificates are added to the java truststore.
This might not be enough and we will probably need a server certificate in the truststore as well.

My question, which server certificate do we need ? Is it the server certificate of the Domain controller, is it a server certificate of the Sonarqube system ?

In case of the latter I’m puzzled. We have a reverse proxy on a separate system that is handling SSL for the Sonarqube systems. Is it the certificate used for the SSL connection that I need to add ?

Or do I need to create specific server certificates for the sonarqubes, if so how can I do this ?

Kind regards,
Koenraad Vanhoutte

The Java installation that runs your SonarQube server will need to trust the certificate installed on your LDAP server.

I would suggest taking a look at this thread!

Hi Colin, Thanks for the reply.
I had received the wrong server certificates from my Windows colleagues which was the root cause of my issue.
Adding the correct certificates to the Java trust store and using the FQDN names of the servers in the sonar.properties file were in my case the solution. The certificates only contain the fqdn’s so using hostnames in the properties file didn’t work.
The system is now communicating using LDAPS, so issue solved.

Kind regards,
Koenraad Vanhoutte


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.