JAVA HttpClient调用Https 跳过证书验证

开始时,报这个错误(通常是因为服务端证书无法通过默认信任库的校验):
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

// Diagnostic only: enables JSSE handshake tracing, which is written to standard output.
System.setProperty("javax.net.debug","ssl");
httpclient = new DefaultHttpClient();
// Replace the client with one whose "https" scheme uses MySSLSocketFactory,
// i.e. a socket factory that performs no certificate or hostname verification.
httpclient = getHttpsClient(httpclient);

/**
 * Returns a new {@link DefaultHttpClient} whose "https" scheme (port 443) is served by
 * {@link MySSLSocketFactory}.
 *
 * <p>The scheme is registered on the connection manager of the client passed in, and that
 * same connection manager is reused by the returned client, so the original client is
 * affected as well. Connections made through this scheme are encrypted but the server is
 * not authenticated: any certificate and any hostname are accepted.
 *
 * @param httpClient client whose connection manager and parameters are reused
 * @return a client that skips certificate and hostname verification for https
 */
public static HttpClient getHttpsClient(HttpClient httpClient) {
    ClientConnectionManager connectionManager = httpClient.getConnectionManager();
    connectionManager.getSchemeRegistry()
            .register(new Scheme("https", MySSLSocketFactory.getInstance(), 443));
    return new DefaultHttpClient(connectionManager, httpClient.getParams());
}

MySSLSocketFactory.java
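/**
 * Socket factory that accepts every server certificate and every hostname.
 *
 * <p>It is built from an {@link SSLContext} whose only trust manager is
 * {@link MyTrustAnyTrustManager}, paired with {@link TrustAnyHostnameVerifier}. Traffic is
 * still encrypted, but the peer's identity is never checked, so a party on the network path
 * can present its own certificate and read or alter the traffic. Keep it to test endpoints.
 * For a server signed by a private CA, the narrower fix is to load that CA into a KeyStore
 * and initialise the context from a TrustManagerFactory.
 */
public class MySSLSocketFactory extends SSLSocketFactory {

    // Created once during class initialisation. The original assigned the field in a static
    // block placed before a "= null" field initialiser, which reset it to null again and left
    // an unsynchronised lazy path in getInstance() to do the real work.
    private static final MySSLSocketFactory INSTANCE =
            new MySSLSocketFactory(createSContext(), new TrustAnyHostnameVerifier());

    /**
     * Builds the TLS context that trusts any certificate chain.
     *
     * @return an initialised context, never {@code null}
     * @throws IllegalStateException if the "TLS" protocol is unavailable or initialisation fails
     */
    private static SSLContext createSContext() {
        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            // null key managers and null SecureRandom select the platform defaults.
            sslcontext.init(null, new TrustManager[]{new MyTrustAnyTrustManager()}, null);
            return sslcontext;
        } catch (NoSuchAlgorithmException e) {
            // Previously only printed, after which init() was called on a null reference.
            throw new IllegalStateException("TLS SSLContext is not available", e);
        } catch (KeyManagementException e) {
            // Previously returned null, which was then handed to the superclass constructor.
            throw new IllegalStateException("Unable to initialise TLS SSLContext", e);
        }
    }

    private MySSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier) {
        super(sslContext, hostnameVerifier);
    }

    /**
     * Returns the shared factory instance.
     *
     * @return the singleton created at class initialisation
     */
    public static MySSLSocketFactory getInstance() {
        return INSTANCE;
    }
}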
MyTrustAnyTrustManager.java
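/**
 * Trust manager that accepts every certificate chain without inspecting it.
 *
 * <p>Both check methods return normally for any input, so self-signed, expired, revoked or
 * wrongly issued certificates all pass. A context built on this manager gives encryption
 * without server authentication, so it belongs in test setups only.
 */
public class MyTrustAnyTrustManager implements X509TrustManager {

    // Shared empty result; a zero-length array has no elements a caller could modify.
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /** Accepts any client chain; never throws. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: no validation is performed.
    }

    /** Accepts any server chain; never throws. */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: no validation is performed.
    }

    /**
     * Returns the accepted issuers.
     *
     * @return an empty array; the {@link X509TrustManager} contract requires a non-null
     *         result, which the previous {@code null} return violated
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }

}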

TrustAnyHostnameVerifier.java
/**
 * Hostname verifier that accepts every host.
 *
 * <p>The boolean overload always reports a match and the three void overloads never throw,
 * so the name in the server certificate is never compared with the host being contacted.
 * Together with a trust-all trust manager this removes server authentication entirely.
 */
public class TrustAnyHostnameVerifier implements X509HostnameVerifier {

    /** Accepts any socket for any host; never throws. */
    @Override
    public void verify(String host, SSLSocket ssl) throws IOException {
        // Intentionally empty: no hostname check.
    }

    /** Accepts any certificate for any host; never throws. */
    @Override
    public void verify(String host, X509Certificate cert) throws SSLException {
        // Intentionally empty: no hostname check.
    }

    /** Accepts any common names and subject alternative names; never throws. */
    @Override
    public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
        // Intentionally empty: no hostname check.
    }

    /**
     * Reports every session as matching the requested host.
     *
     * @return always {@code true}
     */
    @Override
    public boolean verify(String s, SSLSession sslSession) {
        return true;
    }
}

之后运行,报如下错误java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
因为在java1.6之后的这个配置文件中,认为MD2这种摘要(签名)算法安全性太低,因而不再接受使用这种算法的证书,同时也不接受RSA密钥长度小于1024位的证书
请修改java.security的配置文件
%JAVA_HOME%/jre/lib/security/java.security  
将
jdk.certpath.disabledAlgorithms=MD2 ....
修改为
#jdk.certpath.disabledAlgorithms=MD2 ....
重启tomcat生效。注意:注释掉这一行会取消该JVM中所有证书路径校验的算法限制,而不只是这一个连接;更稳妥的做法是让服务端换用符合算法约束的证书。


转载自my.oschina.net/u/2620663/blog/1596013