Fixing javax.net.ssl.SSLHandshakeException when HttpClient accesses a self-signed HTTPS site

Accessing Baidu with HTTPClient fails with this error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:191)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:390)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:428)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at cn.liang.httpclient.HttpClientUtils.doGet(HttpClientUtils.java:36)
	at cn.liang.httpclient.HttpClientUtils.doGet(HttpClientUtils.java:15)
	at cn.liang.httpclient.HttpClientGet.main(HttpClientGet.java:5)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
	at sun.security.validator.Validator.validate(Validator.java:262)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
	... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
	... 27 more


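This error occurs because the site is served over HTTPS and its certificate was not issued by a legitimate third-party certificate authority, so accessing the site with HTTPClient fails with the error above.

The JDK's certificate store does not list the site's certificate as a trusted certificate.

The fix: import the site's certificate into Java's trusted certificate store.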

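Steps:
1. Open the browser and press F12, find the certificate path, and note the name of the site's certificate: DO_NOT_**
2. In Start - Run, enter certmgr.msc, then select Trusted Root Certification Authorities - Certificates - find the certificate name noted above - right-click - All Tasks - Export - click Next - choose the format (the default is usually fine) - enter a file name of your choice - export completes.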

3. Locate the cacerts certificate store in the Java installation, in the directory
D:\Program Files (x86)\Java\jre1.8.0_181\lib\security

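4. In Start - Run, change to the directory from step 3 and enter the command keytool -import -alias cacerts -keystore cacerts -file C:\XXX.cer -trustcacerts, then press Enter (the C: path is wherever you saved the exported certificate, and the file name is the one you chose when exporting).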

5. If you get "keytool is not recognized as an internal or external command", see https://blog.csdn.net/chinassj/article/details/85603736

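6. You are prompted for the keystore password. The default password for the cacerts store in Java is usually changeit. The password is not displayed as you type; press Enter after typing it.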

7. At the "Trust this certificate?" prompt, enter y. The certificate has now been added.
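
An application-scoped alternative to editing the JRE-wide cacerts, as an added example that is not from the original post: the certificate exported in step 2 is loaded into an in-memory trust store used by one HttpClient only, so other programs on the same JRE do not inherit the trust. It assumes Apache HttpClient 4.4 or later; the class name, the alias and the two command-line arguments are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public class ScopedTrustClient {

    // Builds a client that trusts ONLY the certificate in cerPath
    // (DER or Base64 .cer, as exported by certmgr.msc).
    static CloseableHttpClient build(String cerPath) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(cerPath))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Fail early on an expired or not-yet-valid certificate.
        cert.checkValidity();

        // Empty in-memory trust store; the JRE's cacerts file is not touched.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("exported-site-cert", cert); // hypothetical alias

        // A null TrustStrategy keeps normal PKIX path validation against trustStore.
        SSLContext ctx = SSLContexts.custom().loadTrustMaterial(trustStore, null).build();
        // This constructor keeps the default hostname verifier enabled.
        SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(ctx);
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }

    // Usage (assumed arguments): ScopedTrustClient <path-to.cer> <https-url>
    public static void main(String[] args) throws Exception {
        try (CloseableHttpClient client = build(args[0]);
             CloseableHttpResponse resp = client.execute(new HttpGet(args[1]))) {
            System.out.println(resp.getStatusLine());
        }
    }
}
```

Because the trust store contains only the exported certificate, this client will fail the handshake against any site whose chain does not end in it, including sites signed by public CAs.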
