Java: Why does a bank-side HTTP request to my Heroku resource with a Let's Encrypt SSL certificate raise an exception?

Tags: java, ssl, heroku, keystore, lets-encrypt

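What is wrong with the SSL certificate? It is not self-signed, but... The log from the bank-side Java service, produced on the callback call to my resource, is attached.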

2019-11-07 18:02:57,096 [callback-3] ERROR r.b.p.c.c.CallbackExecutor:49 - Error while sending first callback CallbackTO{merchantId=1579515003, merchantName='mentalplatform', url='https://platforma.openshkola.ru/letthespecificapibethesecret', params='{orderNumber=XXX, mdOrder=XXX, operation=deposited, status=1}', method='GET', successfulCode=null, successfulResponse='null', customQueueName='null'} javax.net.ssl.SSLException: Received fatal alert: internal_error

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)

at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)

at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)

at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185)

at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369)

at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415)

at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)

at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)

at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)

at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)

at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)

at ru.bpc.payment.core.callback.HttpCallbackSender.send(HttpCallbackSender.java:96)

at ru.bpc.payment.core.callback.CallbackExecutor.lambda$0(CallbackExecutor.java:46)

at ru.bpc.payment.service.callback.PaymentCallbackService.lambda$1(PaymentCallbackService.java:97)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

The curl output from there is:

curl -kvI https://platforma.openshkola.ru
* About to connect() to platforma.openshkola.ru port 443 (#0)
*   Trying 52.210.255.158...
* Connected to platforma.openshkola.ru (52.210.255.158) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=platforma.openshkola.ru
*   start date: Oct 10 20:35:30 2019 GMT
*   expire date: Jan 08 20:35:30 2020 GMT
*   common name: platforma.openshkola.ru
*   issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: platforma.openshkola.ru
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< Expires: 0
Expires: 0
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< X-Xss-Protection: 1; mode=block
X-Xss-Protection: 1; mode=block
< Pragma: no-cache
Pragma: no-cache
< Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: strict-origin-when-cross-origin
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.youtube.com
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.youtube.com
< Date: Fri, 08 Nov 2019 11:26:38 GMT
Date: Fri, 08 Nov 2019 11:26:38 GMT
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< Content-Language: en-US
Content-Language: en-US
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Last-Modified: Thu, 07 Nov 2019 13:11:45 GMT
Last-Modified: Thu, 07 Nov 2019 13:11:45 GMT
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< Feature-Policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
Feature-Policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
< Content-Length: 6260
Content-Length: 6260
< Content-Type: text/html;charset=utf-8
Content-Type: text/html;charset=utf-8
< Via: 1.1 vegur
Via: 1.1 vegur

< 
* Connection #0 to host platforma.openshkola.ru left intact
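The exception occurred because the bank side was running a JDK whose root CA set is older than Let's Encrypt.

The way to fix it on Heroku was to give the bank the callback HTTPS URL "youapplication.appspot.com", which is served not with Let's Encrypt but with another certificate provider, instead of the acquired first-level-domain hostname, for which only Let's Encrypt was available.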

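What version of Java are you running on Heroku?

@codefinger I run 1.8, but it doesn't matter. The attached log is not from my code; it is from the external service that calls my application. And its tech support can only send me logs and cannot clarify anything. So the way to solve the problem, if possible, is to adjust the site's certificate on the Heroku side, but I would like to know what the problem is. I think they may be running on an old JDK that doesn't have the Let's Encrypt root CA by default.

@codefinger What is the convenient way to solve this kind of problem? Is it fixable by updating the JDK to a later version? So what is the way to fix the missing root?

I believe OpenJDK added Let's Encrypt by default in 8u191. Otherwise, they will need to add the certificate.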
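
A diagnostic for the cause named in the answer above, as an added example that is not part of the original thread: it reports whether the running JVM's default trust store holds either root that the issuer shown in the curl output (Let's Encrypt Authority X3) chained to, and optionally attempts a handshake with a host given on the command line. The class name `TrustAnchorCheck` and the two root subject names are assumptions of this example.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustAnchorCheck {
    // Assumption: the roots that "Let's Encrypt Authority X3" chained to in 2019.
    static final String[] WANTED = {"CN=DST Root CA X3", "CN=ISRG Root X1"};

    // Trust anchors the JVM uses by default (cacerts, or -Djavax.net.ssl.trustStore).
    static List<X509Certificate> defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        List<X509Certificate> anchors = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return anchors;
    }

    // True if any anchor's RFC 2253 subject contains the given fragment.
    static boolean hasAnchor(List<X509Certificate> anchors, String subjectPart) {
        for (X509Certificate c : anchors) {
            if (c.getSubjectX500Principal().getName().contains(subjectPart)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version=" + System.getProperty("java.version"));
        List<X509Certificate> anchors = defaultAnchors();
        for (String w : WANTED) {
            System.out.println((hasAnchor(anchors, w) ? "present " : "MISSING ") + w);
        }
        if (args.length == 1) { // optional: full handshake using the default trust settings
            try (SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(args[0], 443)) {
                s.startHandshake(); // throws SSLHandshakeException if the chain is not trusted
                System.out.println("handshake ok: " + s.getSession().getCipherSuite());
            }
        }
    }
}
```

Run it with the same JRE binary and trust store settings as the calling service, since the result depends entirely on that JVM's trust store.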