应该有很多小伙伴遇到这样一个问题，在线上已发布的app里，关于https的cer证书过期，从而导致app所有网络请求失效无法使用。
  这个时候有人就要说了，应急发布一个已更新最新cer证书的apk不就完事了么，其实没那么简单，iOS还好可以通过appstore提供的api查询到新版本，但android就不一样了，需要调用自己Server端提供的api接口查询到新版本，并获取apk下载路径，问题是https都不能访问了，如何请求到版本信息呢？
  博主在这里提供2种解决方案
  方案一：将版本信息接口让后台改成http（不推荐，后台因素不可控），或者将本地https的设置一个不安全校验（推荐），代码如下:

private static OkHttpClient newOkHttpClient(int timeout){         HttpLoggingInterceptor logging = new HttpLoggingInterceptor();        logging.setLevel(HttpLoggingInterceptor.Level.BODY);         return new OkHttpClient.Builder()                .addInterceptor(new RequestInfoInterceptor())                //.addInterceptor(logging)                .addNetworkInterceptor(new TokenHeaderInterceptor())                .sslSocketFactory(Certificate.getSSLSocketFactory())                //设置不安全校验                .hostnameVerifier(Certificate.getUnSafeHostnameVerifier())                .readTimeout(timeout, TimeUnit.SECONDS)                .writeTimeout(timeout, TimeUnit.SECONDS)                .build();    }     /**     *获取HostnameVerifier      */    public static HostnameVerifier getUnSafeHostnameVerifier() {        HostnameVerifier hostnameVerifier = new HostnameVerifier() {            @Override            public boolean verify(String s, SSLSession sslSession) {                return true;            }        };        return hostnameVerifier;    }

方案二：将xxx.cer证书改成动态读取（以文件的方式从app沙盒里面读取即可），在https证书即将过期时，从服务器下载最新的cer证书更新到沙盒里面，App每次初始化网络请求时读取sdcard最新的证书文件，这样App就永远不会出现https证书过期导致无法使用的问题，流程图如下：

image.png

这里粘贴关键设置cer证书的代码

    private static OkHttpClient newOkHttpClient(int timeout){         HttpLoggingInterceptor logging = new HttpLoggingInterceptor();        logging.setLevel(HttpLoggingInterceptor.Level.BODY);         return new OkHttpClient.Builder()                .addInterceptor(new RequestInfoInterceptor())                //.addInterceptor(logging)                .addNetworkInterceptor(new TokenHeaderInterceptor())                .sslSocketFactory(Certificate.getSSLSocketFactory(BaseApplcation.myApp, new String[]{"/sdcard/xxx.cer"}))                .hostnameVerifier(Certificate.getUnSafeHostnameVerifier())                .readTimeout(timeout, TimeUnit.SECONDS)                .writeTimeout(timeout, TimeUnit.SECONDS)                .build();    }      /**     * 带证书的，从本地文件读取     * @param context     * @param certificatesFiles  本地文件（通过下载到本地）     * @return     */    public static SSLSocketFactory getSSLSocketFactory(Context context, String[] certificatesFiles) {        if (context == null) {            throw new NullPointerException("context == null");        }        CertificateFactory certificateFactory;        try {            certificateFactory = CertificateFactory.getInstance("X.509");            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());            keyStore.load(null, null);             for (int i = 0; i < certificatesFiles.length; i++) {                InputStream certificate = new FileInputStream(certificatesFiles[i]);                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));                 if (certificate != null) {                    certificate.close();                }            }            SSLContext sslContext = SSLContext.getInstance("TLS");            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());            trustManagerFactory.init(keyStore);            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());            return sslContext.getSocketFactory();        } catch (Exception e) {         }        return null;    }   /**     * 带证书的，从raw资源中读取     * @param context     * @param certificates  rawIds     * @return     */    public static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) {        if (context == null) {            throw new NullPointerException("context == null");        }        CertificateFactory certificateFactory;        try {            certificateFactory = CertificateFactory.getInstance("X.509");            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());            keyStore.load(null, null);             for (int i = 0; i < certificates.length; i++) {                InputStream certificate = context.getResources().openRawResource(certificates[i]);                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));                 if (certificate != null) {                    certificate.close();                }            }            SSLContext sslContext = SSLContext.getInstance("TLS");            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());            trustManagerFactory.init(keyStore);            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());            return sslContext.getSocketFactory();        } catch (Exception e) {         }        return null;    } 

总结一下，方案一需要App升级解决证书过期问题，方案二无需升级即可解决升级问题，小伙伴们，设置证书用哪种方式，心里有答案了吧。
代码虽简单，就当做个笔记。