StartTLS LDAP with internally signed certs


doubt...@gmail.com

Jan 3, 2017, 3:54:27 PM
to SonarQube
Hi,

I'm trying to figure out how to get a docker instance of Sonarqube to trust the cert issued to the internal ldap server.

Currently, I'm getting:

2017.01.03 20:46:39 DEBUG web[][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812) [tomcat-embed-core-8.0.
...
Caused by: javax.naming.NamingException: StartTLS failed
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


I tried:
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.keyStore=/opt/sonarqube/conf/corp-256.store 
and
sonar.web.https.keystoreFile=/opt/sonarqube/conf/corp-256.store

But neither seems to help.

Is there another way to configure the trusted CA certs that Sonarqube will use?

Thanks!
Ben

Julien Lancelot

Jan 4, 2017, 7:21:02 AM
to doubt...@gmail.com, SonarQube
Hi Ben,

Since LDAP 2.1, StartTLS is available using the setting ldap.StartTLS=true (see http://docs.sonarqube.org/display/PLUG/LDAP+Plugin for more information).

Regards,

--
Julien LANCELOT | SonarSource

Ben Wilson

Jan 4, 2017, 8:48:15 AM
to Julien Lancelot, SonarQube
Yeah, I had that setting, it just wasn't verifying the ldap server's cert.

I was able to get it working by passing a different option:

SONARQUBE_WEB_JVM_OPTS: -Djavax.net.ssl.trustStore=/opt/sonarqube/conf/corp-256.store 

\o/
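
The keyStore/trustStore distinction behind the fix in this thread, as an added example that is not part of the original posts or of SonarQube's own tooling: it builds a truststore from a copy of the JVM's cacerts plus the internal CA, and checks that the CA is stored as a trusted certificate entry. The alias corp-internal-ca, the file names, the cacerts location and the "changeit" password are assumptions.

```shell
#!/bin/sh
# Added example. The alias, file names and default password are assumptions.
#
# javax.net.ssl.keyStore   : this JVM's own private key and certificate
#                            (client identity); never consulted when
#                            validating the LDAP server's certificate.
# javax.net.ssl.trustStore : the CA certificates the JVM accepts as issuers;
#                            PKIX path building during StartTLS looks here.
#
# Setting javax.net.ssl.trustStore replaces the JVM's default cacerts file,
# so the store is built from a copy of cacerts to keep public CAs trusted.

CA_ALIAS=corp-internal-ca   # hypothetical alias for the internal CA

# build_truststore CA_PEM OUT_STORE BASE_CACERTS [STOREPASS]
build_truststore() {
    ca_pem=$1; out=$2; base=$3; pass=${4:-changeit}
    cp "$base" "$out" || return 1
    chmod u+w "$out" || return 1
    keytool -importcert -noprompt -trustcacerts -alias "$CA_ALIAS" \
        -file "$ca_pem" -keystore "$out" -storepass "$pass" >/dev/null 2>&1
}

# has_trusted_ca STORE [STOREPASS]
# Succeeds only when the alias is present as a trustedCertEntry. A
# PrivateKeyEntry (a store meant for javax.net.ssl.keyStore) does not count.
has_trusted_ca() {
    keytool -list -alias "$CA_ALIAS" -keystore "$1" \
        -storepass "${2:-changeit}" 2>/dev/null | grep -q 'trustedCertEntry'
}

# Typical use (paths are placeholders):
#   build_truststore corp-ca.pem corp-256.store "$JAVA_HOME/lib/security/cacerts"
#   has_trusted_ca corp-256.store && echo "internal CA is a trust anchor"
```

The resulting file is the one to name in -Djavax.net.ssl.trustStore, as in the SONARQUBE_WEB_JVM_OPTS line above.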