Scenario

You are running SonarQube on on-premise server using self-signed certificate for https access. SonarQube executes 3 steps in pipeline –
1. Prepare Analysis on SonarQube
2. SonarQube Analyze
3. SonarQube Publish

You are running your build agent on Linux box and you observe that it fails on first step in pipeline and throws this error

[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:”SELF_SIGNED_CERT_IN_CHAIN”}}

You have configured SonarQube scannerMode as ‘CLI‘ (Other (JavaScript, TypeScript, Go, Python, PHP, etc.))

 

Solution:

This error shows up due to missing PEM file which has all the certs. On Linux, certs are placed in /etc/ssl/certs folder.
Make sure you install certs using command-

export CERTS=/usr/local/share/ca-certificates

keytool -importcert -cacerts -noprompts -alias sonarqube -file $CERTS/sonarqube.pem -trustcacerts -storepass changeit && \
update-ca-certificates

Then set the variable NODE_EXTRA_CA_CERTS pointing to /etc/ssl/certs/sonarqube.pem in pipeline.

This will resolve the error.