...

The configuration is pretty standard. The information to access the certificate must be provided in the configuration of the web server.

Here are two examples: generating a certificate and reusing an existing certificate.

Generating a Certificate

Generate an RSA certificate

Run the following command:

...

It adds the certificate to USER_HOME/.keystore.

Using an existing SSL certificate

 


Configure the SonarQube server

Open the SONARQUBE_HOME/conf/sonar.properties file and update it as below:

...
# TCP port for incoming HTTP connections. Disabled when value is -1.
sonar.web.port=-1

# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).
sonar.web.https.port=8999

# HTTPS - the alias used for the server certificate in the keystore.
sonar.web.https.keyAlias=sonartomcat

# HTTPS - the password used to access the server certificate from the
# specified keystore file. The default value is "changeit".
sonar.web.https.keyPass=changeit

# HTTPS - the password used to access the specified keystore file. The default
# value is the value of sonar.web.https.keyPass.
sonar.web.https.keystorePass=changeit
...

Restart the web server. You should now only be able to access the SonarQube server over HTTPS on port 8999.

Running an Analysis

Update the settings of your analyzer (SONARQUBE_HOME/conf/sonar-runner.properties for SonarQube Runner or settings.xml for Maven...): sonar.host.url=https://localhost:8999

Analyze one of your projects to check that it works fine.

Use an Existing Certificate

# Generate a PKCS12 file with existing certificates and CAFile
$ openssl pkcs12 -export -in myserver.cert -inkey myserver.key -out myserver.p12 -name myserver -CAfile myserver.cert -caname root -chain

The name attribute value will be used for sonar.web.https.keyAlias.

The export password you entered should be specified for sonar.web.https.keyPass.

Then copy your myserver.p12 file to a secure place (e.g. /opt/sonar/conf) and configure SonarQube to use it:

...
# TCP port for incoming HTTP connections. Disabled when value is -1.
sonar.web.port=-1

# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).
sonar.web.https.port=443

# HTTPS - the alias used for the server certificate in the keystore.
# If not specified the first key read in the keystore is used.
sonar.web.https.keyAlias=myserver

# HTTPS - the password used to access the server certificate from the
# specified keystore file. The default value is "changeit".
sonar.web.https.keyPass=mykeypass

# HTTPS - the pathname of the keystore file where the server certificate is stored.
# By default, the pathname is the file ".keystore" in the user home.
# If keystoreType doesn't need a file use empty value.
sonar.web.https.keystoreFile=/opt/sonarqube/conf/myserver.p12

# HTTPS - the password used to access the specified keystore file. The default
# value is the value of sonar.web.https.keyPass.
#sonar.web.https.keystorePass=

# HTTPS - the type of keystore file to be used for the server certificate.
# The default value is JKS (Java KeyStore).
sonar.web.https.keystoreType=PKCS12
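
A check for the two sonar.properties configurations above, as an added example that is not part of the original page or of SonarQube. It reads the HTTPS properties shown on this page and flags the default changeit password, an HTTP port left enabled, a PKCS12 file without keystoreType=PKCS12, and keystore or properties files accessible to group or others. The function names prop, private_file and audit_sonar_https are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not SonarQube code). Property names and defaults come from the
# sonar.properties comments on this page; function names are hypothetical.
# Usage: audit_sonar_https "$SONARQUBE_HOME/conf/sonar.properties"

# prop FILE KEY: value of the last uncommented KEY=value line, empty if unset.
prop() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# private_file FILE: succeeds when group and others have no permission bits.
private_file() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_sonar_https FILE: prints findings; exit status is the number found.
audit_sonar_https() (
  f=$1; n=0
  finding() { echo "FINDING: $*"; n=$((n + 1)); }
  http=$(prop "$f" sonar.web.port)
  https=$(prop "$f" sonar.web.https.port)
  kp=$(prop "$f" sonar.web.https.keyPass)
  sp=$(prop "$f" sonar.web.https.keystorePass)
  ks=$(prop "$f" sonar.web.https.keystoreFile)
  kt=$(prop "$f" sonar.web.https.keystoreType)

  [ "$http" = "-1" ] || finding "HTTP not disabled (sonar.web.port=${http:-unset})"
  { [ -n "$https" ] && [ "$https" != "-1" ]; } || finding "HTTPS port unset or -1"
  { [ -n "$kp" ] && [ "$kp" != "changeit" ]; } ||
    finding "keyPass unset or 'changeit' (the documented default)"
  [ "$sp" != "changeit" ] || finding "keystorePass is 'changeit'"
  case "$ks" in
    *.p12 | *.pfx)
      [ "$kt" = "PKCS12" ] || finding "PKCS12 file but keystoreType=${kt:-unset, default JKS}" ;;
  esac
  if [ -n "$ks" ] && [ -e "$ks" ]; then
    private_file "$ks" || finding "keystore accessible to group/others: $ks"
  fi
  private_file "$f" || finding "properties file with passwords accessible to group/others"
  exit "$n"
)
```

Run against the first configuration on this page, it reports the two changeit passwords; the second configuration passes once both files are mode 600.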

 
