Yes Colin, you are right. With
-Djavax.net.ssl.trustStore=/path/to/file/jks
the error message is “Unable to read truststore from ‘/path/to/file/jks’: Uninitialized keystore” and is pretty vague.
Now with
-Dsonar.scanner.truststorePath=/path/to/file/jks
(as per your suggestion) the error message becomes “Unable to read truststore from ‘/path/to/file/jks’: password incorrect or store tampered with”, which is significantly more indicative.
Adding also
-Dsonar.scanner.truststorePassword=“”
the error message becomes “BC JKS store is read-only and only supports certificate entries”.
And finally your colleague Julien Henry brilliantly provided the last bit here : by removing a private key that was lying in my .jks truststore, I ended making my “mvn sonar:sonar” command work with version 5.2 of the Maven plugin.
Thank you very much for your help!