0

SonarQube Scanner and Invalid SSL Certificates

Internet Explorer access to certificates
Bookmark this on Hatena Bookmark
Share on LinkedIn
Pocket

Struggling with scanner and your invalid SSL certificate ? Here is a way to handle it.

Issue with SonarQube scanner

The SonarQube Scanner is NOT supporting invalid certificates and unfortunately our SonarQube server is delivered with an invalid SSL certificate.

INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 0.504s
INFO: Final Memory: 4M/123M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Unable to execute SonarQube
ERROR: Caused by: Fail to get bootstrap index from server
ERROR: Caused by: sun..validator.ValidatorException:  path building
failed: sun.security.provider..: unable to fi
nd valid certification path to requested target
ERROR: Caused by:  path building failed: sun.security.provider.certpath.SunC
ertPathBuilderException: unable to find valid certification path to requested ta
rget
ERROR: Caused by: unable to find valid certification path to requested target
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging
.

To circumvent this error, you will have to upload all certificates in your cacerts.

Solution

Here are the steps to load your certificates : 

  • Unzip the files into the jre/lib/security of the SonarRunner installation, overwrite the exisiting ones.
  • Open the file jre/lib/security/cacerts using portecle (default password is changeit)
  • Download your own certificate using your browser and obtain a .cer or pkx certificate.

    Internet Explorer access to certificates

    • Import them using portecle.
    Screenshot how to use portecle

    Screenshot how to use portecle

    • DONEYour Sonarqube Scanner should be able to connect itself to the SonarQube server.

    Interesting SonarQube articles : SonarQube and ReactJSSonarQube plugins for AngularJS and Javascript you may not know

    Share on LinkedIn
    Pocket

    Sylvain Leroy

    Senior Software Quality Manager and Solution Architect in Switzerland, I have previously created my own company, Tocea, in Software Quality Assurance. Now I am offering my knowledges and services in a small IT Consulting company : Byoskill and a website www.byoskill.com Currently living in Lausanne (CH)