Jenkins unable to connect SonarQube using https & SSL

Question

Environment details

SonarQube – Version - 6.7.6(LTS)
OS – CentOS – 7.6
Protocol- Https
Certificate: SSL – Self Signed.
Jenkins: 2.164.1
Sonar Scanner Version - 3.3.0.1492
Nginx configured for reverse proxy.

On my Sonarqube server, I have created self-signed certificate using below command.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/ssl-key/ sonarqube.key -out /root/ssl-key/sonarqube.crt

From Jenkins while analyzing the code getting below errors

11:30:33.957 ERROR: SonarQube server [https://sonarqube/sonar] can not be reached
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.958 INFO: EXECUTION FAILURE
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.959 INFO: Total time: 0.487s
11:30:33.987 INFO: Final Memory: 4M/121M
11:30:33.987 INFO: ------------------------------------------------------------------------
11:30:33.988 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
        at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
        at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
        at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:100)
        at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76)
        at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
        at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
        ... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have the following two files in my sonarqube server (sonarqube.key and sonarqube.crt), Later I have copied these two files to my Jenkins server and executed still falling with same errors.

Answer 1

Since Jenkins runs on Java, you need to get Java to trust your self-signed certificate. You do this by using Java's keytool command to import the certificate (not the key) from your Sonarqube server into Java's cacerts truststore:

keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias SonarQube -import -file sonarqube.crt

Alternatively you may be able to use tools such as Portecle to perform the import if you have GUI based access to your Jenkins host.