Hi There,
we have a linux build machine with multiple Java versions. Our SonarQube Server uses a self signed Certificate. The CA is trusted in the system-wide truststore of the OS. It’s possible to access the SonarQube Server without certificate issues using curl f.e.
When running mvn sonar:sonar
we get the error
[ERROR] SonarQube server [https://sonarqube.ourcompany.local] can not be reached
There is no hint of a certificate issue. For testing issues I added the certificate to the java truststore in /lib/security/cacerts. It brings me the hint
Certificate already exists in system-wide CA keystore under alias <ouralias>
Do you still want to add it to your own keystore? [no]:
But after adding the certificate, it works.
Any ideas, why the sonar maven plugin is not using the global truststore porperly? Because we are using multiple java versions it produces an overhead to add it to each truststore