Issue
Environment details
SonarQube – Version - 6.7.6(LTS)
OS – CentOS – 7.6
Protocol- Https
Certificate: SSL – Self Signed.
Jenkins: 2.164.1
Sonar Scanner Version - 3.3.0.1492
Nginx configured for reverse proxy.
On my Sonarqube server, I have created self-signed certificate using below command.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/ssl-key/ sonarqube.key -out /root/ssl-key/sonarqube.crt
From Jenkins while analyzing the code getting below errors
11:30:33.957 ERROR: SonarQube server [https://sonarqube/sonar] can not be reached
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.958 INFO: EXECUTION FAILURE
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.959 INFO: Total time: 0.487s
11:30:33.987 INFO: Final Memory: 4M/121M
11:30:33.987 INFO: ------------------------------------------------------------------------
11:30:33.988 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:100)
at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76)
at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have the following two files in my sonarqube server (sonarqube.key and sonarqube.crt
), Later I have copied these two files to my Jenkins server and executed still falling with same errors.
Solution
Since Jenkins runs on Java, you need to get Java to trust your self-signed certificate. You do this by using Java's keytool
command to import the certificate (not the key) from your Sonarqube server into Java's cacerts
truststore:
keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias SonarQube -import -file sonarqube.crt
Alternatively you may be able to use tools such as Portecle to perform the import if you have GUI based access to your Jenkins host.
Answered By - mc1arke