SonarQube can run over HTTPS with either signed or unsigned certificates. The configuration is fairly standard: the information needed to access the certificate must be declared in the configuration of the web server, and the JVMs used by the analyzers must know the certificate.
Below is a complete example, from the generation of an SSL certificate to the configuration of the SonarQube web server and analyzers.
Generating the SSL Certificate
Run the following command:
For test purposes, here's an example for a local SonarQube server:
Configuring the SonarQube Web Server
Open the SONARQUBE_HOME/conf/sonar.properties file and update it as below:
...
# TCP port for incoming HTTP connections. Disabled when value is -1.
sonar.web.port=-1

# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).
sonar.web.https.port=9000

# HTTPS - the alias used for the server certificate in the keystore.
sonar.web.https.keyAlias=sonartomcat

# HTTPS - the password used to access the server certificate from the
sonar.web.https.keyPass=changeit

# HTTPS - the password used to access the specified keystore file. The default
# value is the value of sonar.web.https.keyPass.
sonar.web.https.keystorePass=changeit
...
Restart the web server. You should only be able to access the SonarQube server over HTTPS on port 9000.
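The settings above can be checked before the restart. The following is an added example, not part of the original page or of SonarQube: a small linter for the HTTPS keys shown in sonar.properties. The function names, the weak-password list and the sample inputs are assumptions made for illustration.

```python
# Added example: lint the HTTPS-related keys of a sonar.properties file.
WEAK_PASSWORDS = {"", "changeit", "changeme", "password"}  # assumption: local deny-list

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_https(text):
    """Return a list of (key, problem) findings for the settings shown on this page."""
    p = parse_properties(text)
    findings = []
    http, https = p.get("sonar.web.port"), p.get("sonar.web.https.port", "-1")
    if http != "-1":
        findings.append(("sonar.web.port", "plain HTTP listener is not disabled (-1)"))
    if https == "-1":
        findings.append(("sonar.web.https.port", "HTTPS listener is disabled"))
    elif https == http:
        findings.append(("sonar.web.https.port", "same port as the HTTP listener"))
    key_pass = p.get("sonar.web.https.keyPass")
    # Per the page, keystorePass falls back to the value of keyPass.
    store_pass = p.get("sonar.web.https.keystorePass", key_pass)
    for key, value in (("sonar.web.https.keyPass", key_pass),
                       ("sonar.web.https.keystorePass", store_pass)):
        if value is None:
            findings.append((key, "not set explicitly"))
        elif value.lower() in WEAK_PASSWORDS:
            findings.append((key, "well-known or empty password"))
    return findings

# Constructed inputs: the first mirrors the page's sample, the second is hardened.
PAGE_SAMPLE = """\
sonar.web.port=-1
sonar.web.https.port=9000
sonar.web.https.keyAlias=sonartomcat
sonar.web.https.keyPass=changeit
sonar.web.https.keystorePass=changeit
"""
HARDENED = PAGE_SAMPLE.replace("changeit", "Vq7-constructed-example")

if __name__ == "__main__":
    for name, cfg in (("page sample", PAGE_SAMPLE), ("hardened", HARDENED)):
        print(name, lint_https(cfg) or "OK")
```

Run against the sample values above, it flags both passwords, because changeit is a placeholder that should be replaced with the real keystore and key passwords.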