我正在使用颤振，却突然收到这个错误。基本上发生的是，在android/build中依赖项中的行。Gradle文件，如:

  classpath 'com.android.tools.build:gradle:4.1.0'
  classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"

要求从网上下载成绩文件的证明。但是当有什么东西阻止gradle下载这些证书时，通常会显示这个。

I tried exporting the certificate and adding it manually but it didn't seem to work for me. What worked for me, after countless head scratches, was disabling the proxies from your network preferences. It was somewhere mentioned that disabling Charles Proxy would fix it but at that moment, I was clueless what Charles was and what proxy was. And in my case, I did not have the Charles proxy thing so I went on with finding the proxies in the network preferences settings in Mac( it could be found somewhere in network settings for Windows). I had Socks enabled within the proxy. I disabled it and then again rebuilt the gradle and TA-DAH!!! It worked butter smooth.

There are a few things to remember. If you build your project right after disabling proxy without closing the network preferences tab, the disable proxies won't work and it will show the same error. Also if you've already built the project and you're running it again after disabling proxies, chances are it's gonna show the same error( could be due to IDE caches). How it worked for me: Restart the Mac, open a few tabs in the browser( for a few network calls), check the network preferences from system preferences>> wifi and disable proxies, close the system preferences app, and build the project.

为了安全起见，我们不应该在实现中使用自签名证书。然而，当涉及到开发时，我们经常不得不使用获得自签名证书的试验环境。我试图在我的代码中以编程方式解决这个问题，但我失败了。但是，通过将证书添加到jre信任存储区，解决了我的问题。请参考以下步骤，

下载网站证书， 使用Chrome 用火狐 将证书(例如:cert_file.cer)复制到$JAVA_HOME\Jre\Lib\Security目录 在“管理员”中打开CMD，将目录更改为“$JAVA_HOME\Jre\Lib\Security” 使用以下命令将证书导入信任存储区，

keytool -import -alias ca -file cert_file.cer -keystore cacerts -商店通行证更改它

如果你得到一个错误说keytool是不可识别的，请参考这个。

键入yes，如下所示

信任此证书:[是]

现在尝试使用java以编程方式运行代码或访问URL。

更新

如果你的应用服务器是jboss，尝试添加下面的系统属性

System.setProperty("org.jboss.security.ignoreHttpsHost","true");

希望这能有所帮助!

我想加入进来，因为我有一个QEMU环境，我必须在其中下载java文件。事实证明，QEMU中的/etc/ssl/certs/java/cacerts确实存在问题，因为它与主机环境中的/etc/ssl/certs/java/cacerts不匹配。主机环境位于公司代理的后面，因此java cacerts是一个定制版本。

如果您正在使用QEMU环境，请首先确保主机系统可以访问文件。例如，您可以先在您的主机上尝试此脚本。如果脚本在主机上运行得很好，但在QEMU上却不行，那么您也遇到了和我一样的问题。

为了解决这个问题，我必须对QEMU中的原始文件进行备份，将主机环境中的文件复制到QEMU chroot jail中，然后java才能在QEMU中正常下载文件。

更好的解决方案是将/etc挂载到QEMU环境中;但是我不确定其他文件是否会在这个过程中受到影响。所以我决定使用这个丑陋但简单的变通方法。

我在Android Studio中得到这个错误。所以我做了很多研究之后。

“Password”为“changeit”

步骤1:以管理员身份打开CMD

第二步:输入Powershell

步骤3:start-process powershell -verb runas

步骤4:在C:\Program Files\Android\Android中添加所有的证书 Studio\jre\lib\security此位置是cacert可用的位置。

第五步:进入Keytool目录Set-Location -Path "C:\Program Files\Android\Android Studio\jre\bin"

第六步:在powershell中执行以下命令:\ keytool -importcert -trustcacerts -alias GiveNameforyourcertificate -file "C:\Program Files\Android\Android Studio\jre\lib\security\Replace With Your Certificate name. "Cer " -keystore cacerts

步骤7:如果错误出现为证书已添加(访问被拒绝)，然后创建一个D驱动器分区(https://www.diskpart.com/windows-10/how-to-create-d-drive-from-c-drive-in-windows-10-0725.html)或移动您的文件到D驱动器，然后添加证书

如果你把文件保存在D盘，那么只执行这个

步骤8:keytool -importcert -trustcacerts -alias Nameyourcertificate -file "D:\Certificatename. txt "Cer " -keystore cacerts

\keytool -list -keystore cacerts . keystore cacerts . keystore - cacerts . keystore - cacerts . keystore - cacerts . keystore

我的观点是: 在我的例子中，cacerts不是一个文件夹，而是一个文件，而且它在两个路径上呈现 发现后，错误消失后复制。jks文件到该文件。

# locate cacerts    
/usr/java/jdk1.8.0_221-amd64/jre/lib/security/cacerts
/usr/java/jre1.8.0_221-amd64/lib/security/cacerts

备份后，我复制。jks。

cp /path_of_jks_file/file.jks /usr/java/jdk1.8.0_221-amd64/jre/lib/security/cacerts
cp /path_of_jks_file/file.jks /usr/java/jre1.8.0_221-amd64/lib/security/cacerts

注意:这个基本技巧解决了Genexus项目中的这个错误，尽管文件。jks也在Tomcat的server.xml文件中。

Make sure of your JVM location. There can be half a dozen JREs on your system. Which one is your Tomcat really using? Anywhere inside code running in your Tomcat, write println(System.getProperty("java.home")). Note this location. In <java.home>/lib/security/cacerts file are the certificates used by your Tomcat. Find the root certificate that is failing. This can be found by turning on SSL debug using -Djavax.net.debug=all. Run your app and note from console ssl logs the CA that is failing. Its url will be available. In my case I was surprised to find that a proxy zscaler was the one which was failing, as it was actually proxying my calls, and returning its own CA certificate. Paste url in browser. Certificate will get downloaded. Import this certificate into cacerts using keytool import.