sonar-scanner-npm
Self-Signed Certificate Error While Downloading SonarQube Binaries
I'm working behind a proxy that performs SSL inspection, so everything gets re-signed with my organization's self-signed cert, and I get the following error when sonar-scanner-npm tries to download the SonarQube binaries:
ERROR: impossible to download and extract binary: self signed certificate in certificate chain
SonarQube Scanner binaries probably don't exist for your OS (windows).
In such situation, the best solution is to install the standard SonarQube Scanner (requires a JVM).
Check it out at https://redirect.sonarsource.com/doc/install-configure-scanner.html
I need a way to add my organization's root CA cert to the list of trusted certs.
I've tried setting the NODE_EXTRA_CA_CERTS environment variable to point to a copy of my org's CA cert, but that doesn't seem to fix the issue.
I also know that I can use npm config set strict-ssl false to turn off SSL key validation altogether, but I want to avoid that since it's insecure.
I forked this repository here and created a branch to implement a fix. I just kind of hacked something together, but it works. Let me know if you have any thoughts or suggestions!
Hi @mfbrown86,
Thanks for bringing this up. There seem to be multiple people having this issue, see #165.
We are tracking improvements over there, so I'll close this issue for now.
Please feel free to reopen if you want to try a PR.
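Added example, not part of the issue thread and not sonar-scanner-npm's code: one way a Node.js downloader can trust an organization's root CA while keeping certificate validation on, as opposed to the strict-ssl false workaround mentioned in the issue. The function names are hypothetical, reading the bundle path from NODE_EXTRA_CA_CERTS is an assumed convention, and Node.js 18 or later is assumed for the X509Certificate ca property.

```javascript
// Added example (not sonar-scanner-npm code). Function names are hypothetical.
const tls = require('node:tls');
const https = require('node:https');
const fs = require('node:fs');
const { X509Certificate } = require('node:crypto');

const PEM_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a PEM bundle and keep only certificates usable as trust anchors:
// parseable, marked as a CA, and inside their validity window.
function parseCaBundle(pemText, now = Date.now()) {
  const blocks = pemText.match(PEM_RE) || [];
  if (blocks.length === 0) throw new Error('no PEM certificates found');
  return blocks.map((pem) => {
    const cert = new X509Certificate(pem); // throws on malformed input
    if (!cert.ca) throw new Error(`not a CA certificate: ${cert.subject}`);
    if (now < Date.parse(cert.validFrom) || now > Date.parse(cert.validTo)) {
      throw new Error(`outside validity period: ${cert.subject}`);
    }
    return pem;
  });
}

// Passing `ca` replaces Node's built-in roots, so the defaults are kept and
// the organization's CA is appended. Chain validation stays enabled.
function buildAgent(extraCaPems) {
  return new https.Agent({
    ca: [...tls.rootCertificates, ...extraCaPems],
    rejectUnauthorized: true,
  });
}

// Assumed convention: the bundle path comes from NODE_EXTRA_CA_CERTS.
function agentFromEnv(env = process.env) {
  const file = env.NODE_EXTRA_CA_CERTS;
  if (!file) return new https.Agent({ rejectUnauthorized: true });
  return buildAgent(parseCaBundle(fs.readFileSync(file, 'utf8')));
}

// Usage: https.get(downloadUrl, { agent: agentFromEnv() }, onResponse);
```

Rejecting non-CA or expired certificates at load time surfaces a bad bundle immediately rather than as a chain error during the download.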