Issues and solutions
1. Invalid certificate
The certificate used by the API provider is issued by a non-mainstream organization. The certificate can be used for browser access because the browser automatically updates the root certificate. However, the root certificate of the operating system of an earlier version does not trust the certificate issuance organization or the trust expires.
Solutions
1.Upgrade the client root certificate. For example, for Java+Linux, update the OpenSSL client. For other operating systems and programming languages, update the root certificates used by HTTPS in the programming language.
2.Contact the API provider to change for a mainstream SSL certificate with better compatibility.
3.You can skip the check of SSL certificate validity in the program. However, such a configuration is not recommended because the request may be hijacked. The method can be used only when the API provider cannot provide a mainstream SSL certificate with better compatibility and the security risk is controllable.
2. Expired SSL certificate of the API provider
The SSL certificate of the API provider expires.
Solutions
1.Contact the API provider to change the SSL certificate.
2.You can skip the check of SSL certificate validity in the program. However, such a configuration is not recommended because the request may be hijacked. The method can be used only when the API provider cannot provide a mainstream SSL certificate with better compatibility and the security risk is controllable.
51
