0

I have set up a sonarqube instance via docker and I am using Caddyserver as a reverse proxy.

Unfortunately I am unable to execute the sonar scanner.
I get following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

There are quite a lot of similar questions out there and most of them say, that you have to import the servers certificate to the client.

I am not sure why I would need to do that for a trusted certificate.
I can connect to my sonarqube instance via chrome and the connection is marked as secure and the certificate as valid.

How is it possible that Chrome says my connection is valid but java doesn't?

JDurstberger
  • 111
  • 6

1 Answers1

2

unable to find valid certification path to requested target

This error tells you that Java is not able to validate the certificate as being trusted. Chrome doesn't necessarily use the same trust store as Java, or Firefox, or even curl (if applicable). Each system can have independent trust stores and not all necessarily share one trust store either.

In order to make sure the certificate is trusted, you will have to import the Root Certificate from the chain into the trust-store being used by Java. Without knowing more about the system being used, it's hard to say how you need to import the certificate. You may also want to try installing a generic trust store if you're going to have to work with varying sites that have different Root CA's.

Andrew
  • 2,057
  • 2
  • 16
  • 25