I am using Jenkins Kubernetes plugin to provision slave agents (pods) that run the different tasks of a Java project build pipeline.
One of the pipeline stages consists of using Sonarqube to analyze the Java code:
try {
withSonarQubeEnv('SONARQUBE_CFG') {
sh "./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar -Dsonar.branch=$branch -Dsonar.verbose=true"
}
} catch (ex) {
ex.printStackTrace()
}
The problem is I'm getting a SunCertPathBuilderException because it can't validate the certificate chain.
[ERROR] SonarQube server [https://sonarqube.profile.es] can not be reached
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 19.894 s
[INFO] Finished at: 2018-10-11T16:45:10Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar (default-cli) on project myproject: Unable to execute SonarQube: Fail to download libraries from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
I have mounted the keystore from a config map in the jenkins slave pod at /cfg/keystore.jks
path but can't come up with a way to enforce the usage of that keystore. Ideas?
Your issue is not a certificate error. Your server simply cannot be reached.