Azure DevOps“在SonarQube上准备分析"使用“让我们加密"通配符证书对Azure托管的SonarQube服务器执行任务失败 [英] Azure DevOps "Prepare analysis on SonarQube" task fails against our Azure hosted SonarQube server with a Let's Encrypt wildcard cert
问题描述
在Windows Hosted Agent上运行SonarQube任务时,我立即收到此错误.
When running the SonarQube task on the Windows Hosted Agent I get this error right away.
该错误显然与我们的加密签名说明中讨论的内容有关.
使用该页面上的信息作为指南,并尝试解决该问题,我在DevOps作业中创建了一个前置任务,以将所有证书从链中添加到DevOps Agent框中的Java密钥库中.我们对发行人(包括交叉签名人)的通配符.我能够做到这一点,但仍然可以从后续的Sonar任务中得到错误信息.
Using the info on that page as a guide and in an attempt to fix the problem I've created a predecessor task in the DevOps job to add to the Java keystore on the DevOps Agent box all the certs in the chain up from our wildcard to the issuer (including cross-signers). I'm able to do that but I still get the error from the follow-on Sonar task.
当我从代理对/api/server/version端点调用curl时,出现错误"curl:(60)SSL证书问题:无法获取本地颁发者证书".
When I invoke curl against the /api/server/version endpoint from the Agent I get the error "curl: (60) SSL certificate problem: unable to get local issuer certificate".
据我了解,Sonar任务将依赖于Java密钥库,但curl不是.这似乎使两个应用程序都可以正常工作,我需要在2个位置添加这些受信任的证书,但我什至没有找到它们.谁能指导我解决此问题的说明?
It's my understanding that the Sonar task would rely on the Java keystore but that curl doesn't. That makes it seem like for both apps to work, I need to add these trusted certs in 2 places but I haven't found even one them. Can anyone guide me to instructions for resolving this issue?
戴夫
更新:认识到问题"已经解决.证书可能会有所帮助.您可以在这里链接
UPDATE: Realizing that the "problem" cert might be helpful. You can get it here link
推荐答案
我发现此问题的根源是我需要将SonarQuBe证书作为JRE证书存储区中的信任证书导入.
I've figured out that the root of this issue was that I needed to import SonarQuBe certificate as a trust ceritificate in the JRE certificate store.
您可以尝试以下步骤:
- 从此处 下载密钥库资源管理器
- 打开$ JAVA_HOME/jre/lib/security/cacerts
- 输入密码:changeit(在Mac上可以是changeme)
- 导入您的.crt文件.
- 保存并替换cacerts文件.
这篇关于Azure DevOps“在SonarQube上准备分析"使用“让我们加密"通配符证书对Azure托管的SonarQube服务器执行任务失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
