I was working on publishing the code coverage metrics using sonar-scanner to the Sonarqube server and found the below error in the terminal window.
“sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
”
Turns out that Java is not trusting the self-signed certificate used at my work because it is not present in the TrustStore.
Solution:
Open terminal.
Step 1: View the SSL certs used at the remote endpoint by executing the below command:
openssl s_client -showcerts -connect sonarqube-at.remote.server.com:443
In the above step, we are just checking if the cert is exportable. Please note the server address does NOT have ‘https://’ part.
Step 2: Export those certs locally:
openssl s_client -connect sonarqube-at.remote.server:443 | openssl x509 -out sonar_ssl.cert
By default, the cert will get exported to your home folder.
Step 3: Please make sure to check your JDK version and update the command as needed.
Import, the cert to Java trust store:
sudo keytool -import -alias sonar_certificate -file sonar_ssl.cert -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_212.jdk/Contents/Home/jre/lib/security/cacerts
You will be asked to enter the system admin password.
Then it will ask for the key store password which is ‘changeit’ by default.
Then there will be a confirmation prompt for which you need to enter ‘yes’.
Once the above steps are complete, restart the system so that the changes will take effect.
Read more at:
- Java: ‘Unable to find valid certification path to requested target’ error while accessing S3 data
- PKIX path building failed error message
- SonarQube over https
- “PKIX path building failed” and “unable to find valid certification path to requested target”
- What is the difference between a .CRT and a .CER file?
- How to obtain the location of cacerts of the default java installation?
- Add Certificate to Java Keystore on OS X