[在Android中使用自签名证书时，SSLPeerUnverifiedException

我正在尝试在应用中进行SSL固定，并遵循https://developer.android.com/training/articles/security-ssl上的说明，并在服务器上位于https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04的服务器上使用https://coursescraper.tookmund.com/生成自己的证书

但是，当我尝试连接到服务器时，出现异常：

javax.net.ssl.SSLPeerUnverifiedException: Hostname coursescraper.tookmund.com not verified:
        certificate: sha1/Uax3JSsdPAGgCg5XyWPR8mhrjRU=
        DN: CN=coursescraper.tookmund.com
        subjectAltNames: []

然后我按照https://developer.android.com/training/articles/security-config的指定将网络安全配置添加到我的应用程序中>

这使我可以删除所有SSLContext内容，但仍会产生完全相同的错误。

我试图关闭主机名验证程序只是为了查看发生了什么，但是在遇到相同的错误却没有在日志中看到VERIFY的情况下，所以甚至没有涉及主机名验证程序：

        // TODO: FIX THIS!!! THIS IS BAD!!!
    connection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String s, SSLSession sslSession) {
                    Log.v("VERIFY", s);
                    return true;
                }
            });
当我将应用程序中的证书文件切换到另一个证书时，我得到的是SSLHandshakeException：

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
因此固定似乎正常，我的证书有问题。

公用名是域名，从错误中可以看出，所以我不确定自己在做什么错。

连接curl效果很好：

$ curl -v --cacert school/mobilesecCSCI420/nginx-selfsigned.crt https://coursescraper.tookmund.com
* Expire in 0 ms for 6 (transfer 0x558aada3ef50)
* Expire in 1 ms for 1 (transfer 0x558aada3ef50)
...
* Expire in 50 ms for 1 (transfer 0x558aada3ef50)
*   Trying 54.165.223.53...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x558aada3ef50)
* Connected to coursescraper.tookmund.com (54.165.223.53) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: school/mobilesecCSCI420/nginx-selfsigned.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=coursescraper.tookmund.com
*  start date: Feb 13 05:51:45 2020 GMT
*  expire date: Feb 12 05:51:45 2021 GMT
*  common name: coursescraper.tookmund.com (matched)
*  issuer: CN=coursescraper.tookmund.com
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x558aada3ef50)
> GET / HTTP/2
> Host: coursescraper.tookmund.com
> User-Agent: curl/7.64.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: nginx/1.10.3
< date: Thu, 13 Feb 2020 16:35:28 GMT
< content-type: text/html
< content-length: 691
< last-modified: Sun, 09 Feb 2020 21:13:06 GMT
< etag: "5e4075e2-2b3"
< accept-ranges: bytes
< 
<!DOCTYPE html>
<html>
...

我正在尝试在我的应用程序中进行SSL固定，并已按照https://developer.android.com/training/articles/security-ssl上的说明进行操作，并通过https：// www生成了自己的证书。 ...