SSL is replacing by TLS, the browser trusts some root CA.
For Java, need add CA to trust store.
Could put .cer into .jks file (use key store explorer for conveience), and run Java application by specify -Djavax.net.ssl.trustStore=C:/Users/Redirection/pengp2/Downloads/cert/my_truststore.jks
If the cert is not provided or wrong, could throw the below exception:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
