此错误可能有两个来源:

There are two possible sources for this error:

• 另一方使用的是真正不受信任的证书(自签名或由不受信任的CA签名)，
• 或另一侧没有发送证书验证链(例如，在通往受信任CA的过程中存在中间签名证书，但是SSL握手中没有此证书).

第一种情况的解决方案是将不受信任的CA(或证书本身)添加到您的JRE信任库(${java.home}/lib/security/cacerts)或更高版本中-创建您自己的信任库(在升级Java时不会删除)并将其提供给您的应用程序通过 javax.net.ssl.trustStore JVM属性.

Solution for the first case is to add the untrusted CA (or the ceriticate itself) to your JRE truststore (${java.home}/lib/security/cacerts) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStore JVM property.

第二种情况下的解决方案是采用第一种情况下的解决方案，或者更好-劝说另一方发送正确的证书链.

Solution for the second case is either to go with the first case solution or better - convince the opposite side to send correct certificate chain.