当我们使用httpclient连接远程的https服务的时候，我们可以将对方的证书导入到我们本地环境内，导入后即可访问对方的https网址了。</p>

keytool -import -file xxxx.cer -alias paypalm -keystore cacerts.jks-storepass xxxx

但是我碰到了这个错误

 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
略

我们几个人折腾个半死，一连接总是报这个错误
后来去掉了生成的证书的扩展名jks覆盖掉系统内的cacerts，这样导入……
keytool -import -file xxxx.cer -alias paypalm -keystore cacerts -storepass xxxx
成功了，一地眼泪……发在这里给同样碰到类似问题的兄弟们……