Improved custom certificate authority documentation for Sonar-Scanner CLI

We recently hit the need to install an internal CA on a number of services and I think there are two things which could be improved:

  1. Use the more common terms “custom certificate authority” and/or “custom CA” in addition to “self-signed” in the documentation to make it easier to find: SonarScanner
  2. Have a complete example — the Java keytool chain is not well documented and even most Java developers are not especially familiar with it.

I ended up with a minimal Dockerfile but it took a few tries, especially because my first try involved exporting a work cacerts file, which led to the immediate discovery that the format isn’t portable across JVMs implementing the same version, much less major versions:

FROM sonarsource/sonar-scanner-cli

RUN curl -fsLo /etc/ssl/certs/EXAMPLE-ROOT-CA-1.crt http://ca.example.org/EXAMPLE-ROOT-CA-1.crt
RUN keytool -import -noprompt -alias EXAMPLE-ROOT-CA-1 -file /etc/ssl/certs/EXAMPLE-ROOT-CA-1.crt -storepass changeit -cacerts
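
The Dockerfile above fetches the root CA over plain HTTP and imports it without checking it, so the build trusts whatever that download returns. The script below is an added example, not part of the original post or of SonarSource's documentation: it pins the certificate's SHA-256 fingerprint before running the same `keytool` import. The function names, the PEM-encoding assumption and the pin value are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a CA certificate against a
# pinned SHA-256 fingerprint before adding it to the JVM truststore.
# Assumptions: the file is PEM-encoded, and the pin was obtained over a
# separate trusted channel (for example by running
# `openssl x509 -noout -fingerprint -sha256 -in FILE` on a trusted copy).

# Print the lowercase hex SHA-256 of the DER bytes of the first certificate
# in a PEM file. Returns 1 if no certificate block is found.
cert_sha256() {
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----' | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeed only if the file's fingerprint equals the pinned value.
# The pin may be upper or lower case, with or without colons.
verify_ca_pin() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(cert_sha256 "$1") || return 1
    [ "$got" = "$want" ]
}

# Verify the pin, then import with the keytool invocation from the post.
# usage: import_pinned_ca ALIAS FILE PIN
import_pinned_ca() {
    if ! verify_ca_pin "$2" "$3"; then
        echo "refusing to import $2: fingerprint does not match pin" >&2
        return 1
    fi
    keytool -import -noprompt -alias "$1" -file "$2" -storepass changeit -cacerts
}

# Example call inside the image build (PIN is a placeholder):
#   import_pinned_ca EXAMPLE-ROOT-CA-1 /etc/ssl/certs/EXAMPLE-ROOT-CA-1.crt "$PIN"
```

A mismatch makes the function return non-zero, so a `RUN` step that calls it fails the image build instead of producing an image that trusts an unexpected certificate.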

Hi @acdha,

Thanks a lot for your suggestions! We’ll be happy to make this section clearer. I’ve created a ticket to make the suggested edits to the documentation.

Tony

Thank you!