calls.add("checkServerTrusted " + certificatesToString(chain))
    }

    private fun certificatesToString(certificates: Array<X509Certificate>): String {
      val result: MutableList<String> = ArrayList()
      for (certificate in certificates) {
        result.add(certificate.subjectDN.toString() + " " + certificate.serialNumber)
      }
      return result.toString()
    }
  }

  /**

          .addSubjectAlternativeName(hostname)
          .build()
      HandshakeCertificates
        .Builder()
        .heldCertificate(heldCertificate)
        .addTrustedCertificate(heldCertificate.certificate)
        .build()
    }
  private var acceptedHostName: String? = null

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setUp() {
    // Test designed for Conscrypt and JSSE

  - [WARNING: etcd backup strongly recommended](#warning-etcd-backup-strongly-recommended)
  - [Major updates and release themes](#major-updates-and-release-themes)
  - [Action Required](#action-required-1)
    - [Certificates API](#certificates-api)
    - [Cluster Autoscaler](#cluster-autoscaler)
    - [Deployment](#deployment)
    - [Federation](#federation)
    - [Internal Storage Layer](#internal-storage-layer)

        .addSubjectAlternativeName(server.hostName)
        .build()
    val serverHandshakeCertificates =
      HandshakeCertificates
        .Builder()
        .addTrustedCertificate(clientCa.certificate)
        .heldCertificate(serverCertificate)
        .build()
    server.useHttps(serverHandshakeCertificates.sslSocketFactory(), false)
    server.enqueue(MockResponse().setBody("abc"))
    server.requestClientAuth()

如果你很赶时间或不在乎，请继续阅读后续章节，它们会提供逐步的教程，告诉你怎么使用不同技术把一切都配置好。

///

要从用户的视角**了解 HTTPS 的基础知识**，请查看 [https://howhttps.works/](https://howhttps.works/)。

现在，从**开发人员的视角**，在了解 HTTPS 时需要记住以下几点：

* 要使用 HTTPS，**服务器**需要拥有由**第三方**生成的**"证书(certificate)"**。
    * 这些证书实际上是从第三方**获取**的，而不是“生成”的。
* 证书有**生命周期**。
    * 它们会**过期**。
    * 然后它们需要**更新**，**再次从第三方获取**。
* 连接的加密发生在 **TCP 层**。
    * 这是 HTTP 协议**下面的一层**。
    * 因此，**证书和加密**处理是在 **HTTP之前**完成的。

        .addSubjectAlternativeName(server.hostName)
        .build()
    val serverHandshakeCertificates =
      HandshakeCertificates
        .Builder()
        .addTrustedCertificate(clientCa.certificate)
        .heldCertificate(serverCertificate)
        .build()
    server.useHttps(serverHandshakeCertificates.sslSocketFactory())
    server.enqueue(
      MockResponse
        .Builder()
        .body("abc")

* AWS: fix volume device assignment race condition ([#31090](https://github.com/kubernetes/kubernetes/pull/31090), [@justinsb](https://github.com/justinsb))
* The certificates API group has been renamed to certificates.k8s.io ([#31887](https://github.com/kubernetes/kubernetes/pull/31887), [@liggitt](https://github.com/liggitt))

            .rsa2048()
            .build()
        return@lazy HandshakeCertificates
          .Builder()
          .heldCertificate(heldCertificate)
          .addTrustedCertificate(heldCertificate.certificate)
          .build()
      }

      init {
        val platformSystemProperty = getPlatformSystemProperty()

        if (platformSystemProperty == JDK9_PROPERTY) {

Vor Let's Encrypt wurden diese **HTTPS-Zertifikate** von vertrauenswürdigen Dritten verkauft.

Der Prozess zum Erwerb eines dieser Zertifikate war früher umständlich, erforderte viel Papierarbeit und die Zertifikate waren ziemlich teuer.

Aber dann wurde **[Let's Encrypt](https://letsencrypt.org/)** geschaffen.

Nesse caso, ele usaria o certificado para `someapp.example.com`.

<img src="/img/deployment/https/https03.drawio.svg">

O cliente já confia na entidade que gerou o certificado TLS (nesse caso, o Let's Encrypt, mas veremos sobre isso mais tarde), então ele pode verificar que o certificado é válido.