这个错误有两种可能的来源:

There are two possible sources for this error:

• 对方正在使用真正不受信任的证书(自签名或由不受信任的 CA 签名)，
• 或对方未发送证书验证链(例如，在通往您信任的 CA 的过程中存在中间签名证书，但 SSL 握手中不存在此证书).

第一种情况的解决方案是将不受信任的 CA(或证书本身)添加到您的 JRE 信任库 (${java.home}/lib/security/cacerts) 或更好 - 创建您的自己的信任库(升级 Java 时不会被删除)并通过 javax.net.ssl.trustStore JVM 属性.

Solution for the first case is to add the untrusted CA (or the ceriticate itself) to your JRE truststore (${java.home}/lib/security/cacerts) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStore JVM property.

第二种情况的解决方案是采用第一种情况的解决方案或更好 - 说服对方发送正确的证书链.

Solution for the second case is either to go with the first case solution or better - convince the opposite side to send correct certificate chain.