在项目开发的工程中，突然出现了如下错误:

javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: Certificate expired at Thu Mar 15 07:59:59 GMT+08:00 2018 (compared to Thu Mar 15 09:43:41 GMT+08:00 2018)

初次查看网上有很多说是手机系统时间不正确，只要同步时间即可解决。

但是，当服务那边做CDN校验，即使同步了手机时间，也不能从根本上解决这个问题。具体看看错误，就能发现这个是证书过期，证书不信任。在此，可以使用如下方法进行解决：

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Created by ncj on 2018/3/15.
 */

public class FakeX509TrustManager implements X509TrustManager {

private static TrustManager[] trustManagers;
private static final X509Certificate[] _AcceptedIssuers = new
        X509Certificate[] {};

@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
    //To change body of implemented methods use File | Settings | File Templates.
}

@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
    //To change body of implemented methods use File | Settings | File Templates.
}

public boolean isClientTrusted(X509Certificate[] chain) {
    return true;
}

public boolean isServerTrusted(X509Certificate[] chain) {
    return true;
}

@Override
public X509Certificate[] getAcceptedIssuers() {
    return _AcceptedIssuers;
}

public static void allowAllSSL() {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

        @Override
        public boolean verify(String arg0, SSLSession arg1) {
            // TODO Auto-generated method stub
            return true;
        }

    });

    SSLContext context = null;
    if (trustManagers == null) {
        trustManagers = new TrustManager[] { new FakeX509TrustManager() };
    }

    try {
        context = SSLContext.getInstance("TLS");
        context.init(null, trustManagers, new SecureRandom());
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }

    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}

}

使用方法 在网络请求之前添加SSL信任：

FakeX509TrustManager.allowAllSSL();

到此结束。