1、HttpClient配置ssl,绕过证书验证:
自定义实现X509ExtendedTrustManager,JDK会使用TrustAnyTrustManager来验证证书算法,而这个类所有的验证方法都是空方法,也就是不验证。
2、报错信息:
ConnectException:com.ibm.jsse2.util.h: PKIX path validation failed: java.security.cert.CertPathValidatorException: Fail to verify issuer; internal cause is:
java.security.cert.CertPathValidatorException: Signature does not match.
3、注意:对服务端的证书无条件的信任是不安全的
4、必要jar包:
①commons-logging-1.2.jar(有的时候不需要,不过配置上比较好)
②httpclient-4.3.4.jar
③httpclient-cache-4.3.4.jar
④httpcore-4.3.2.jar
⑤httpmime-4.3.4.jar
5、SSLClient.java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.h