我有一个java应用程序，它通过ssl向第三方传输tls1.2。最近他们更新了他们的证书“破坏”了应用程序。

org.bouncycastle.tls.TlsFatalAlert: bad_certificate(42)
    at org.bouncycastle.jsse.provider.ProvTlsClient$1.notifyServerCertificate(Unknown Source)
    at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source)
    at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknown Source)
    at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source)
    at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
    at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
    at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
    at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
    at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
    at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
    at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
    at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
    at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataOutput.write(Unknown Source)
    at java.io.DataOutputStream.writeBytes(DataOutputStream.java:259)

不知道如何安装新的证书，我有*.cer格式。我试着用keytool添加到jre中，但是没有解决这个问题。有单独的bouncycastle商店需要我添加吗？如果是，怎么办？

Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new BouncyCastleJsseProvider());

        SSLContext context = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
        context.init( null, null, new SecureRandom() );
        SSLSocketFactory ssf = context.getSocketFactory();
        SSLSocket s = (SSLSocket) ssf.createSocket( HOST, activePort );

        DataOutputStream dos = new DataOutputStream( s.getOutputStream() );

谢谢你的帮助！