builder.put(Constants.FESEN_PASSWORD, password);
        }
        final String authorities = fessConfig.getFesenHttpSslCertificateAuthorities();
        if (StringUtil.isNotBlank(authorities)) {
            builder.put("http.ssl.certificate_authorities", authorities);
        }
        return new HttpClient(builder.build(), null);
    }

        final String authorities = fessConfig.getFesenHttpSslCertificateAuthorities();
        if (StringUtil.isNotBlank(authorities)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Loading certificate_authorities: {}", authorities);
            }
            try (final InputStream in = new FileInputStream(authorities)) {

signs the other party's chain.

Well-Known Certificate Authorities
----------------------------------

In these examples we've prearranged which root certificates to trust. But for regular HTTPS on the
Internet this set of trusted root certificates is usually provided by default by the host platform.
Such a set typically includes many root certificates from well-known certificate authorities like
Entrust and Verisign.

apiVersion: release-notes/v2
kind: feature
area: security
issue:
  - 27606

releaseNotes:
- |

	if len(m.Answers) > 0 {
		s += m.Answers[0].GoString()
		for _, a := range m.Answers[1:] {
			s += ", " + a.GoString()
		}
	}
	s += "}, Authorities: []dnsmessage.Resource{"
	if len(m.Authorities) > 0 {
		s += m.Authorities[0].GoString()
		for _, a := range m.Authorities[1:] {
			s += ", " + a.GoString()
		}
	}
	s += "}, Additionals: []dnsmessage.Resource{"
	if len(m.Additionals) > 0 {

and increase connectivity with web servers.

### Certificate Pinning ([.kt][CertificatePinningKotlin], [.java][CertificatePinningJava])

import okio.ByteString.Companion.toByteString

/**
 * Constrains which certificates are trusted. Pinning certificates defends against attacks on
 * certificate authorities. It also prevents connections through man-in-the-middle certificate
 * authorities either known or unknown to the application's user.
 * This class currently pins a certificate's Subject Public Key Info as described on

    sslContext.init(null, new TrustManager[] { trustManager }, null);

    return sslContext.getSocketFactory();
  }

  /** Returns a trust manager that trusts the VM's default certificate authorities. */
  private X509TrustManager defaultTrustManager() throws GeneralSecurityException {
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm());

	metav1.TypeMeta

	// Certificates holds a list of certificates to show expiration information for.
	Certificates []Certificate `json:"certificates"`

	// CertificateAuthorities holds a list of certificate authorities to show expiration information for.
	CertificateAuthorities []Certificate `json:"certificateAuthorities"`

	metav1.TypeMeta

	// Certificates holds a list of certificates to show expiration information for.
	Certificates []Certificate

	// CertificateAuthorities holds a list of certificate authorities to show expiration information for.
	CertificateAuthorities []Certificate