请记住,在高版本中从JDK访问HTTPS时发生了证书错误。代码如下CloseableHttpClienthttpClient=HttpClientBuilder.create().build();HttpGethttpGet=newHttpGet(url);CloseableHttpResponse响应=httpClient.execute(httpGet);简单的请求有如下错误,看得我一头雾水。我查了谷歌说要下载证书到jre/lib/security;不幸的是,mac的chrome和safari都无法导出证书;他们只能自己研究和查看错误信息。报错的主要原因是新版JDK的ssl验证报错:Causedby:sun.security.validator.ValidatorException:PKIXpathbuildingfailed:sun.security.provider.certpath.SunCertPathBuilderException:unabletofind在java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)在java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)在java.base/sun.security.validator.Validator.validate(Validator.java:264)在java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)在java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)atjava.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)...24more所以只需要重写X509TrustManager,注入httpClient即可。X509TrustManager可以自己实现,也可以使用现成的实现,比如cn.hutool.core.net.DefaultTrustManagerSSLContextctx=SSLContext.getInstance("TLS");X509TrustManagertm=newDefaultTrustManager();ctx.init(null,newTrustManager[]{tm},null);SSLConnectionSocketFactoryssf=newSSLConnectionSocketFactory(ctx,NoopH??ostnameVerifier.INSTANCE);CloseableHttpClienthttpclient=HttpClients.custom().setSSLSocketFactory(ssf).build();返回http客户端;使用此httpclient绕过ssl证书检测
