更新:
-我从没做过这方面的专家,以下内容仅是一种解决方法,可能并不安全,请您自担风险-这篇文章已有3年以上历史,因此现在可能已过时(代码将无法编译),但您应该能够找到更新的方法或官方文档,其中指出某些部分已弃用或删除
感谢noloader向我指出校正方向。我使用以下方法解决了我的问题:
String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca);// my question shows how to get 'ca'TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm());// Initialise the TMF as you normally would, for example:tmf.init(ca);TrustManager[] trustManagers = tmf.getTrustManagers();final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];TrustManager[] wrappedTrustManagers = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return origTrustmanager.getAcceptedIssuers(); } public void checkClientTrusted(X509Certificate[] certs, String authType) {origTrustmanager.checkClientTrusted(certs, authType); } public void checkServerTrusted(X509Certificate[] certs, String authType) {try { origTrustmanager.checkServerTrusted(certs, authType);} catch (CertificateExpiredException e) {} } }};SSLContext sc = SSLContext.getInstance("TLS");sc.init(null, wrappedTrustManagers, null);HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());在我的问题中提到的为该站点找到的3个证书中,对我有用的一个是 VeriSign 3类安全服务器CA-G3
