I am trying to use UTL_HTTP package to send requests to a remote web server. It works well using normal HTTP but when I try to use HTTPS, I always get ORA-29024.
What I did so far:
Create a wallet:
mkdir /oracle/admin/mydb/my_walletorapki wallet create -wallet /oracle/admin/valdb/my_walled -pwd mypwd -auto_loginUsed Chrome to browse to the https website and downloaded the certificate to a p7b file
Stored the p7b file on the database machine in
/tmp/mycert.p7bImported the certificate into the wallet:
orapki wallet add -wallet /oracle/admin/mydeb/my_wallet/ -trusted_cert cert "/tmp/mycert.p7b" -pwd mypwdChecked the wallet status:
orapki wallet display -wallet /oracle/admin/mydb/my_wallet=>Requested Certificates: User Certificates: Trusted Certificates: Subject: CN=*.remote.server.com Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US Subject: CN=R3,O=Let's Encrypt,C=USTried to send a request:
EXEC UTL_HTTP.set_wallet('file:/oracle/admin/mydb/my_wallet', 'mypwd'); select UTL_HTTP.REQUEST('https://mes.customer.remove.server.com',NULL,'file:/oracle/admin/mydb/my_wallet','mypwd') from dual;
But unfortunately the return was:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1530
ORA-29024: Certificate validation failure
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1470
ORA-06512: at line 1
Any idea what else I could try?
Can it be caused because the certificate is a wildcard (*) certificate?
I have the same exact error, and yes it's because it is a wildcard certificate. What I did on 19c was to delete only the wildcard certificate from the wallet, but let all the others from the certification path and it worked. However the same behaviour doesn't apply on 12.2.0 . Tell me it it worked for you too on 19c.