How to use ccsh sonarimport with ssl certificate?

[ngerbode]

Hi, I am new to ccsh and wanted to test the sonarimport. Our company's sonarqube is internal and uses a self signed certificate. How can I tell ccsh to use that certificate?
Me first try without certificate ends in following exception:

ccsh sonarimport "https://sonar.xyz" "XYZ" "--user-token=sqa_XYZ" "--output-file=test" "--not-compressed" "--merge-modules=false"
Fetching SonarQube Version...
de.maibornwolff.codecharta.importer.sonar.SonarImporterException: Error requesting https://sonar.xyz/api/server/version
        at de.maibornwolff.codecharta.importer.sonar.dataaccess.SonarVersionAPIDatasource.getSonarqubeVersion(SonarVersionAPIDatasource.kt:34)
        at de.maibornwolff.codecharta.importer.sonar.SonarImporterMain.createMeasuresAPIImporter(SonarImporterMain.kt:99)
        at de.maibornwolff.codecharta.importer.sonar.SonarImporterMain.call(SonarImporterMain.kt:113)
        at de.maibornwolff.codecharta.importer.sonar.SonarImporterMain.call(SonarImporterMain.kt:24)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2045)
        at picocli.CommandLine.access$1500(CommandLine.java:148)
        at picocli.CommandLine$RunAll.recursivelyExecuteUserObject(CommandLine.java:2540)
        at picocli.CommandLine$RunAll.recursivelyExecuteUserObject(CommandLine.java:2542)
        at picocli.CommandLine$RunAll.handle(CommandLine.java:2536)
        at picocli.CommandLine$RunAll.handle(CommandLine.java:2496)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2277)
        at picocli.CommandLine$RunAll.execute(CommandLine.java:2498)
        at picocli.CommandLine.execute(CommandLine.java:2174)
        at de.maibornwolff.codecharta.tools.ccsh.Ccsh$Companion.executeCommandLine(Ccsh.kt:102)
        at de.maibornwolff.codecharta.tools.ccsh.Ccsh$Companion.main(Ccsh.kt:86)
        at de.maibornwolff.codecharta.tools.ccsh.Ccsh.main(Ccsh.kt)
Caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:275)
        at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:300)
        at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:687)
        at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:709)
        at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:703)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
        at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:703)
        at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:686)
        at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:422)
        at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:318)
        at de.maibornwolff.codecharta.importer.sonar.dataaccess.SonarVersionAPIDatasource.getSonarqubeVersion(SonarVersionAPIDatasource.kt:32)
        ... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1675)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1599)
        at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)
        at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:428)
        at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:273)
        ... 28 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
        at java.base/sun.security.validator.Validator.validate(Validator.java:256)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1302)
        ... 47 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)
        ... 52 more

[ngerbode]

I found out for myself. Since ccsh is a java program, you have to add the certificate to java with the command “keytool -import -storepass changeit -keystore”. I was then able to successfully pull the data from the sonarqube.