SonarQube add corporate root CA

Question

Good day everyone !

I have a simple problem, yet, not able to fix it. May I just need more coffee... Most probably...

Anyway...

I am using the official Docker images for SonarQube and need to connect Sonar to my auth server. That auth server can be called on a TLS route (https).

However, since that server is a internal server, it has a cert signed by our internal CA, so I need the Sonar Image to have my root CA added to the image. Which I did in the Docker file

FROM sonarqube
USER root
COPY cert/*.cer /usr/local/share/ca-certificates/
RUN /usr/sbin/update-ca-certificates
USER sonarqube

The Docker image get built, but I am still not able to call my auth server without having a self signed certificat therefore, not trusted error.....

I know the image is based on Debian, this is why I added the RootCA to /usr/local/share/ca-certificates/ ... So, why is this not working.... ?

May be I need to push my RootCA in .pem format directly in /etc/ssl/certs/ ?

score 4 · Answer 1 · answered Apr 02 '20 at 18:44

OK.

After some help from a collegue, it seem there is a variable you can set in the Sonar Docker image.

SONARQUBE_WEB_JVM_OPTS=-Djavax.net.ssl.trustStore=/tmp/yourPreBuilt.jks -Djavax.net.ssl.trustStorePassword=foo

That's it... (insert facepalm emoji here)

SonarQube add corporate root CA

1 Answers1