添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
慷慨大方的炒饭  ·  SonarCloud finds ...·  1 周前    · 
近视的剪刀  ·  Certificate error ...·  2 天前    · 
风流倜傥的乒乓球  ·  Scanner certificate ...·  2 天前    · 
爱旅游的木瓜  ·  纽约艺术基金会:“艺术的梦想需要被支持”-公 ...·  3 周前    · 
光明磊落的香烟  ·  mysql bigint ...·  1 月前    · 
悲伤的拖把  ·  pandas.DataFrame.from_ ...·  2 月前    · 
鬼畜的薯片  ·  使用哪个YCbCr矩阵?BT.709或BT. ...·  6 月前    · 
谦虚好学的跑步机  ·  扁舟一棹归何处,家在江南黄叶村 - ...·  1 年前    · 
link管理  ›  Certificate error connecting to https://sonarcloud.io with Jenkins/Maven - PKIX error - SonarQube Cl
tls info sonar
https://community.sonarsource.com/t/certificate-error-connecting-to-https-sonarcloud-io-with-jenkins-maven-pkix-error/36033
近视的剪刀
2 天前

Hi all,

I’m having trouble setting up sonarcloud to be used with our Jenkins server and maven. I’m getting an error about sonarcloud.io having an invalid certificate which doesn’t make much sense so it’s possible I’m missing part of the configuration somewhere. Here is the error. I’ve been searching the forums and online, but I’m only finding instances of the same error when people are trying to reach their own SonarQube server not SonarCloud. 

[INFO] --- sonar-maven-plugin:3.7.0.1746:sonar (default-cli) @ janus ---
[INFO] User cache: /root/.sonar/cache
[ERROR] SonarQube server [http://sonarcloud.io] can not be reached
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 25.337 s
[INFO] Finished at: 2020-12-16T20:01:04+00:00
[INFO] Final Memory: 35M/105M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project XXX: Unable to execute SonarQube: Fail to get bootstrap index from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
[ERROR] 

Can someone point me in a direction to go with solving this?  I’ve been stuck for a while not sure what else to try.


Here’s some more information about what I’ve setup–maybe there’s something obvious I’m missing.


Added to pom.xml


<properties>
        <java.version>1.8</java.version>
        <sonar.projectKey>xxxxxxx</sonar.projectKey>
        <sonar.organization>xxxxxxx</sonar.organization>
        <sonar.host.url>http://sonarcloud.io</sonar.host.url>
</properties>

Jenkins Pipeline commands (running maven from docker image).  I’ve added the ssl info to see if that might help, but it doesn’t (could be doing it wrong…).


stage ('SonarQube Scan') {
        steps {
                withSonarQubeEnv('SonarCloud') {
                   sh "docker run --rm --name my-maven-project -v ${env.workspace}:/usr/src/app -v ${env.pwd}/.m2:/root/.m2 -w /usr/src/app 368128804956.dkr.ecr.us-east-1.amazonaws.com/maven:1 mvn org.jacoco:jacoco-maven-plugin:prepare-agent verify \
                        sonar:sonar -Dsonar.branch.name=${env.BRANCH_NAME} -X \
                        -Dsonar.login=xxxxxxxxxxxxxxxxxxxxxxxxxxxx \
                        -Dsonar.organization=xxxxxxx \
                        -Dsonar.projectKey=xxxxxxx \
                        -Dsonar.host.url=https://sonarcloud.io \
                        -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts"

Thanks in advance!

              
Hello @doug.walton and welcome to our Community!


Could you please check the host configuration? They should all be https and not http as the error says. I see in your pom.xml an usage of http only.


Please tell us if that fix your problem!

              
Hi @Alexandre_Holzhey, thanks for the response!


I was using https originally and changed it to http to see if that’d get around the certificate problem.  I’ve changed it back to https and am still getting the same error.


Here’s the full error with debugging turned on if helpful:


[ERROR] 15:17:21.347 SonarQube server [https://sonarcloud.io] can not be reached
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 28.048 s
[INFO] Finished at: 2020-12-18T15:17:21+00:00
[INFO] Final Memory: 36M/103M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project xxxxx: Unable to execute SonarQube: Fail to get bootstrap index from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project xxxxx: Unable to execute SonarQube
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:216)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:120)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:355)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:155)
	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:584)
	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:216)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:160)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Unable to execute SonarQube
	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:67)
	at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:104)
	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:132)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
	... 19 more
Caused by: org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$$Lambda$40/49127538.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:56)
	... 22 more
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
	at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
	at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
	... 29 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:969)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:904)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:336)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
	at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113)
	at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
	... 32 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
	... 62 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 68 more

Thanks,

              
Our certificate is valid, so i guess it is something wrong with your Jenkins server. Could you please run the following (or similar) CLI command to check it? Do it at the same server/container/instance as the scanner is executed.


curl --verbose -o /dev/null https://sonarcloud.io


Here is my output as a reference:


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 52.57.210.241:443...
* TCP_NODELAY set
* Connected to sonarcloud.io (52.57.210.241) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [104 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3003 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=*.sonarcloud.io
*  start date: May 31 00:00:00 2020 GMT
*  expire date: May 19 23:59:59 2021 GMT
*  subjectAltName: host "sonarcloud.io" matched cert's "sonarcloud.io"
*  issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*  SSL certificate verify ok.
} [5 bytes data]
> GET / HTTP/1.1
> Host: sonarcloud.io
> User-Agent: curl/7.68.0
> Accept: */*
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 
< Date: Fri, 18 Dec 2020 15:51:55 GMT
< Content-Type: text/html;charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, must-revalidate
< vary: accept-encoding
{ [7903 bytes data]
100 90037    0 90037    0     0   480k      0 --:--:-- --:--:-- --:--:--  480k
* Connection #0 to host sonarcloud.io left intact

              
I added this curl command to the jenkins pipeline right before the docker/mvn line.  Looks like gave the same output as yours.  I’m thinking it must be something weird with maven or docker running maven, but not sure where to look there.  Here’s the output:


+ curl --verbose -o /dev/null https://sonarcloud.io
* Rebuilt URL to: https://sonarcloud.io/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 52.57.210.241...
* TCP_NODELAY set
* Connected to sonarcloud.io (52.57.210.241) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [104 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3003 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=*.sonarcloud.io
*  start date: May 31 00:00:00 2020 GMT
*  expire date: May 19 23:59:59 2021 GMT
*  subjectAltName: host "sonarcloud.io" matched cert's "sonarcloud.io"
*  issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*  SSL certificate verify ok.
} [5 bytes data]
> GET / HTTP/1.1
> Host: sonarcloud.io
> User-Agent: curl/7.58.0
> Accept: */*
{ [5 bytes data]
< HTTP/1.1 200 
< Date: Fri, 18 Dec 2020 16:09:03 GMT
< Content-Type: text/html;charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, must-revalidate
< vary: accept-encoding
{ [7903 bytes data]
100 40631    0 40631    0     0  58970      0 --:--:-- --:--:-- --:--:-- 58885
100 90037    0 90037    0     0   127k      0 --:--:-- --:--:-- --:--:--  127k
* Connection #0 to host sonarcloud.io left intact

              
Maybe this topic can guide you to check for proper Java truststore configuration: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html


The CURL command only checked SSL from OS context, not Java.

              
Thank you for the help!


I was able to get around this by not running maven from docker.  Running it from the command line directly worked fine and I setup our jenkins pipeline to run it that way instead.


Thanks!
 
推荐文章
慷慨大方的炒饭  ·  SonarCloud finds files that are not related to a Pull Requests as "new code" - SonarQube Cloud - Son
1 周前
近视的剪刀  ·  Certificate error connecting to https://sonarcloud.io with Jenkins/Maven - PKIX error - SonarQube Cl
2 天前
风流倜傥的乒乓球  ·  Scanner certificate issue - SonarQube Server / Community Build - Sonar Community
2 天前
爱旅游的木瓜  ·  纽约艺术基金会:“艺术的梦想需要被支持”-公益时报网
3 周前
光明磊落的香烟  ·  mysql bigint 转成字符串再拼接-CSDN博客
1 月前
悲伤的拖把  ·  pandas.DataFrame.from_csv — pandas 0.23.0 documentation
2 月前
鬼畜的薯片  ·  使用哪个YCbCr矩阵?BT.709或BT.601-腾讯云开发者社区-腾讯云
6 月前
谦虚好学的跑步机  ·  扁舟一棹归何处,家在江南黄叶村 - 黄苗子书法作品 - 概吧
1 年前
Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台