Maven SonarScanner and self signed certificate

Hi There,

we have a linux build machine with multiple Java versions. Our SonarQube Server uses a self signed Certificate. The CA is trusted in the system-wide truststore of the OS. It’s possible to access the SonarQube Server without certificate issues using curl f.e.

When running mvn sonar:sonar we get the error

[ERROR] SonarQube server [https://sonarqube.ourcompany.local] can not be reached

There is no hint of a certificate issue. For testing issues I added the certificate to the java truststore in /lib/security/cacerts. It brings me the hint

Certificate already exists in system-wide CA keystore under alias <ouralias>
Do you still want to add it to your own keystore? [no]:

But after adding the certificate, it works.

Any ideas, why the sonar maven plugin is not using the global truststore porperly? Because we are using multiple java versions it produces an overhead to add it to each truststore

Hi @PascalTurbo

What is your operating system? What is your procedure to install your system-wide truststore? From what I read there is no unique way for all Linux distributions.

Do you know if you can perform https request to your server with another Java tool?

You can also try to enable SSL debug logs in Maven:
MAVEN_OPTS="" && mvn sonar:sonar