Configuring SonarQube for HTTPS on Windows

Header Photo Credit: Lorenzo Cafaro (Creative Commons Zero License)

As of SonarQube v4.0, the server natively supports HTTPS access. The official configuration instructions, however, are not really clear for people who 1) aren't familiar with Java and 2) are running on a Windows server. So in this post, I'm documenting the steps I followed to get SonarQube server up and running with an SSL cert purchased from a signing authority.

Step 1: Create a PKCS#12 Cert File

If you already have a version of your cert that ends with .p12 or .pfx, you can skip this step. Otherwise, you likely have a .cert, .cer or .crt file. You'll need to convert it to PKCS#12 format using the instructions I've provided in a separate post: Converting a SSL Certificate to PKCS#12 Format on Windows

Step 2: Configure SonarQube

Copy the .pfx file you created in Step 1 to the /conf folder of your SonarQube install location. Then open the file in that same folder.

In the "Web" section of the file, you'll need to change the properties as follows:

  • sonar.web.https.port=443
    • This will enable HTTPS access on the port you provide (443 is the standard HTTPS port). If you want to force HTTPS access only, you should also set sonar.web.port=-1 to turn off HTTP access.
  • sonar.web.https.keyPass=changeit (where changeit is the password you provided during the Export Wizard in Step 1)
  • sonar.web.https.keystoreFile=C:/Path/To/Your/SonarQube/conf/exportedCert.pfx
    • Enter the correct path to the .pfx file (hit, Shift-Right-Click the file and choose "Copy as path". Make sure to use forward slashes in your path here, not the standard Windows back-slashes.
  • sonar.web.https.keystoreType=PKCS12

Now, restart your SonarQube server.

If there were issues loading your cert, such as a bad password, you may see entries like this in the /log/sonar log file:

Step 3: Change your default URL

Go to the Settings page for your SonarQube server and in the General section, change the URL to use This will ensure links generated by the system (such as in emails) point to the https link. Make sure the hostname you use matches your cert!