We use Maven to perform Sonarqube scanning on our project:
$mvnsonar:sonar\
-Dsonar.host.url=https://sonarqube.example.com\
-Dsonar.login=71b7130c8\
-Dsonar.projectKey=FOO_bar\
-Dsonar.branch.name=release/6.0
However, for projects using an old JDK 1.8.0_60, this failed with:
[ERROR]SonarQubeserver[https://sonarqube.example.com]cannotbereached
[ERROR]Failedtoexecutegoal
org.sonarsource.scanner.maven:sonar-maven-plugin:3.8.0.2131:sonar
(default-cli)onprojectcore:UnabletoexecuteSonarScanner
analysis:Failtogetbootstrapindexfromserver:
sun.security.validator.ValidatorException:PKIXpathbuildingfailed:
sun.security.provider.certpath.SunCertPathBuilderException:unableto
findvalidcertificationpathtorequestedtarget->[Help 1]
Adding this parameter was helpful in seeing what was going inside the JDK:
-Djavax.net.debug="ssl,handshake"
The reason was that the cacerts SSL/TLS certificate store in the JDK
was out of date. It didn't have the certificates needed to establish
the chain of trust used when generating the TLS certificate on
sonarqube.example.com.
To remedy this, I used the cacerts provided with apt-get installed
openjdk-11-jdk-headless package:
# cd /usr/lib/jvm/java-1.8.0_60-oracle/jre/lib/security
# mv cacerts cacerts.orig
# ln -s /etc/ssl/certs/java/cacerts
That's it. Java, and by that, the Maven and the Sonarqube scanner, can
now connect to websites served over https.