There are two possible sources for this error:

此错误有两个可能的来源：

• either the opposite side is using genuinely untrusted certificate (self-signed or signed by untrusted CA),
• or the opposite side is not sending certificate validation chain (e.g. there is intermediate signing certificate along the way to your trusted CA, but this ceriticate is not present in the SSL handshake).

• 要么对方使用真正不受信任的证书（自签名或由不受信任的 CA 签名），
• 或者对方没有发送证书验证链（例如，在通往您受信任的 CA 的途中有中间签名证书，但 SSL 握手中不存在此证书）。

Solution for the first case is to add the untrusted CA (or the ceriticate itself) to your JRE truststore (${java.home}/lib/security/cacerts) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStoreJVM property.

第一种情况的解决方案是将不受信任的 CA（或证书本身）添加到您的 JRE 信任库 ( ${java.home}/lib/security/cacerts) 或更好 - 创建您自己的信任库（升级 Java 时不会被删除）并通过javax.net.ssl.trustStoreJVM 属性将其提供给您的应用程序。

Solution for the second case is either to go with the first case solutionor better - convince the opposite side to send correct certificate chain.

第二种情况的解决方案要么采用第一种情况，要么更好 - 说服对方发送正确的证书链。

Add certificate to JRE truststore @ ${java.home}/lib/security/cacerts OR if you have your own trustStore & provide path to that in your application/JVM. For example one possible way could be

将证书添加到 JRE 信任库 @ ${java.home}/lib/security/cacerts 或者如果您有自己的信任库并在您的应用程序/JVM 中提供该信任库的路径。例如，一种可能的方式可能是

or via java code

或通过java代码

import java.util.Properties;
...
    Properties systemProps = System.getProperties();
    systemProps.put("javax.net.ssl.keyStorePassword","passwordForKeystore");
    systemProps.put("javax.net.ssl.keyStore","pathToKeystore.ks");
    systemProps.put("javax.net.ssl.trustStore", "pathToTruststore.ts");
    systemProps.put("javax.net.ssl.trustStorePassword","passwordForTrustStore");
    System.setProperties(systemProps);
...

For more refer to details on RedHat site

有关更多信息，请参阅 RedHat站点上的详细信息

May be it will help refer to question

可能有助于参考问题