Maven sonar plugin: trust self-signed certificate

Question

I try to launch maven sonar:sonar to a SonarQube instance on HTTPS connection with a self-signed certificate. Maven give me this error:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.4.0.905:sonar (default-cli) on project data.model: Unable to execute SonarQube: Fail to get bootstrap index from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

Answer 1

Note: Make sure you run terminal as administrator or with sudo

1. Run command to fetch certificate your sonarqube

$ openssl s_client -showcerts -connect {domain}:{port}

example:
$ openssl s_client -showcerts -connect sonarqube.com:443

2. Copy certificate to a new file mycert.pem

New file: mycert.pem

3. Import the certificate to JDK->JRE

$ keytool -importcert -file {filename}.pem -keystore "{jdk_path}/jre/lib/security/cacerts" -alias "{somename}" -storepass changeit

example:
$ keytool -importcert -file mycert.pem -keystore "/c/Program Files/Java/jdk1.8.0_202/jre/lib/security/cacerts" -alias "MyCert" -storepass changeit

Type yes

4. Run SonarQube Command with your sonarqube link

$ mvn clean package -U sonar:sonar -Dsonar.host.url=https://sonarqube.com -Dsonar.projectKey=MyApp -Dsonar.projectName=MyApp -Dsonar.projectVersion=2.4.1 -Dsonar.language=java -Dsonar
.sources=src/main/java -Dsonar.tests=src/test/java '-Dsonar.exclusions=**/*Test*/**' -Dsonar.java.binaries=target/classes -Djavax.net.debug="ssl,handshake"

Answer 2

You can import the server certificate in your truststore:

keytool -import -v -trustcacerts -alias mySonarServer -file sonarServer.crt -keystore cacerts

Where cacerts is the one from the JRE installation.