3

Good day everyone!

I have a simple problem, yet I am not able to fix it. Maybe I just need more coffee... Most probably...

Anyway...

I am using the official Docker images for SonarQube and need to connect Sonar to my auth server. That auth server can be called on a TLS route (https).

However, since that server is an internal server, it has a cert signed by our internal CA, so I need the Sonar image to have my root CA added to the image. Which I did in the Dockerfile:

```
FROM sonarqube
USER root
COPY cert/*.cer /usr/local/share/ca-certificates/
RUN /usr/sbin/update-ca-certificates
USER sonarqube
```

The Docker image gets built, but I am still not able to call my auth server without having a "self-signed certificate, therefore not trusted" error...

I know the image is based on Debian, this is why I added the RootCA to /usr/local/share/ca-certificates/ ... So, why is this not working.... ?

Maybe I need to push my root CA in .pem format directly into /etc/ssl/certs/?

yield

1 Answer

3

OK.

After some help from a colleague, it seems there is a variable you can set in the Sonar Docker image.

```
SONARQUBE_WEB_JVM_OPTS=-Djavax.net.ssl.trustStore=/tmp/yourPreBuilt.jks -Djavax.net.ssl.trustStorePassword=foo
```

That's it... (insert facepalm emoji here)

yield
  • 1
    Exactly what I was looking for. In case someone needs to know how to generate a JKS file from a CA cert: `cat root-ca.pem | keytool -import -noprompt -trustcacerts -alias sonarqube -storepass changeit -keystore sonarqube.jks` source: https://mdluo.com/get-sonar-scanner-cli-docker-to-work-with-self-signed-cert-sonarqube-server – Reddysekhar Gaduputi May 05 '22 at 09:13
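
The approach from the answer above, combined with the question's Dockerfile, as an added example that is not part of the original posts or the SonarQube project. The certificate file name, the `/opt/truststore` path, the alias, and the `$JAVA_HOME/lib/security/cacerts` location (Java 9+ layout, with `JAVA_HOME` set by the base image) are assumptions.

```dockerfile
# Added example: build the JVM trust store at image build time.
# Assumed names: cert/root-ca.cer, /opt/truststore/sonar.jks, alias internal-root-ca.
FROM sonarqube
USER root

# update-ca-certificates only feeds the OS bundle under /etc/ssl/certs.
# The JVM validates TLS peers against its own keystore, so the CA has to be
# imported there with keytool.
COPY cert/root-ca.cer /tmp/root-ca.cer

# -Djavax.net.ssl.trustStore REPLACES the default store, it does not extend it.
# Start from a copy of the JVM's bundled cacerts (default password "changeit")
# so public CAs stay trusted, then add the internal root CA.
# The final "keytool -list" makes the build fail if the alias is missing.
RUN mkdir -p /opt/truststore \
 && cp "$JAVA_HOME/lib/security/cacerts" /opt/truststore/sonar.jks \
 && "$JAVA_HOME/bin/keytool" -importcert -noprompt -trustcacerts \
      -alias internal-root-ca \
      -file /tmp/root-ca.cer \
      -keystore /opt/truststore/sonar.jks -storepass changeit \
 && "$JAVA_HOME/bin/keytool" -list -alias internal-root-ca \
      -keystore /opt/truststore/sonar.jks -storepass changeit \
 && chmod 644 /opt/truststore/sonar.jks \
 && rm /tmp/root-ca.cer

# Variable name taken from the answer above.
ENV SONARQUBE_WEB_JVM_OPTS="-Djavax.net.ssl.trustStore=/opt/truststore/sonar.jks -Djavax.net.ssl.trustStorePassword=changeit"

USER sonarqube
```

A trust store that contains only the internal CA also works for the auth server, but any other outbound HTTPS call from the web process would then fail validation, which is why this version starts from the bundled `cacerts`.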