I am a beginner to sonatype products, currently exploring lifecycle scanning capabilities. While attempting to scan a code repo using nexus-iq-cli I run into SSL related errors. I am unable to find documentation for resolving this issue. Can someone help point me in the right direction?
Command line:
./nexus-iq-cli -s https://iq-server./ -a : -i
Error Trace:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error details below:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base@17.0.12/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base@17.0.12/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base@17.0.12/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base@17.0.12/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base@17.0.12/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1351)
at java.base@17.0.12/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
at java.base@17.0.12/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
at java.base@17.0.12/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base@17.0.12/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base@17.0.12/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at java.base@17.0.12/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base@17.0.12/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base@17.0.12/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base@17.0.12/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base@17.0.12/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base@17.0.12/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at com.sonatype.insight.client.utils.AbstractClientBuilder$RequestBuilder.execute(AbstractClientBuilder.java:172)
at com.sonatype.insight.client.utils.AbstractClientBuilder$RequestBuilder.get(AbstractClientBuilder.java:105)
at com.sonatype.insight.brain.client.ConfigurationClient.validateServerVersion(ConfigurationClient.java:193)
at com.sonatype.insight.brain.client.RestClientFactory$RestClient.validateServerVersion(RestClientFactory.java:189)
at com.sonatype.insight.scan.cli.AbstractPolicyEvaluator.validateServerVersion(AbstractPolicyEvaluator.java:441)
at com.sonatype.insight.scan.cli.AbstractPolicyEvaluator.validate(AbstractPolicyEvaluator.java:113)
at com.sonatype.insight.scan.cli.AbstractPolicyEvaluator.run(AbstractPolicyEvaluator.java:89)
at com.sonatype.insight.scan.cli.PolicyEvaluator.run(PolicyEvaluator.java:131)
at com.sonatype.insight.scan.cli.PolicyEvaluatorCli.run(PolicyEvaluatorCli.java:59)
at com.sonatype.insight.scan.cli.GraalPolicyEvaluatorCli.main(GraalPolicyEvaluatorCli.java:30)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base@17.0.12/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base@17.0.12/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base@17.0.12/sun.security.validator.Validator.validate(Validator.java:264)
at java.base@17.0.12/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at java.base@17.0.12/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base@17.0.12/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
… 32 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base@17.0.12/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at java.base@17.0.12/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at java.base@17.0.12/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base@17.0.12/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
… 37 common frames omitted
Sonatype CLI - Downloaded latest version from linux here. I don’t have java setup. Is it required?