SonarQube build step fails with “Self-Signed Certificate in Certificate Chain” in Azure DevOps
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
sonarqube continuous-integration
azure-devops asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
add a comment |
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
sonarqube continuous-integration
azure-devops asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
add a comment |
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
sonarqube continuous-integration
azure-devops asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
sonarqube continuous-integration
azure-devops sonarqube continuous-integration
azure-devops asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
asked Nov 19 '18 at 14:37
Patrick BraunstorferPatrick Braunstorfer
92111
92111
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
- https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53376900%2fsonarqube-build-step-fails-with-self-signed-certificate-in-certificate-chain-i%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
- https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
add a comment |
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
- https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
add a comment |
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
- https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
- https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
answered Nov 19 '18 at 15:07
jessehouwingjessehouwing
67.8k10163237
67.8k10163237
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53376900%2fsonarqube-build-step-fails-with-self-signed-certificate-in-certificate-chain-i%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
