So I worked on this from a different point of view. I pulled down the SonarQube source code and ran the test for the checkPat under the AzureDevOpsHttpClient. Come to find out, the cacerts keystore was not being updated, even though Java indicated that the alias wasn’t properly in there, see below:
"C:\Program Files\java\bin\keytool" -importcert -file C:\mycert.cer -alias enterprise-ca -keystore -cacerts -storepass "secret_password"
...
Trust this certificate? [no]: yes
Certificate was added to keystore
"C:\Program Files\java\bin\keytool" -importcert -file C:\mycert.cer -alias enterprise-ca -keystore -cacerts -storepass "secret_password"
keytool error: java.lang.Exception: Certificate not imported, alias <enterprise-ca> already exists
This was run in an administrative command prompt to ensure UAC could not affect writing to the cacerts keystore, but I noticed after further checking that the modification date wasn’t changed. So I used another tool KeyStore Explorer (keystore-explorer.org) which provides a GUI and I have used in the past. I was able to run it as an administrator and successfully was able to update the cacerts with my enterprise CA.
I am leaving this as a note for others that might be going through a similar situation and how I was able to resolve it.
Adam Brousseau