starting from yesterday I began receiving "ora-29024 certificate validation failure" errors when trying to access pages in the oracle.com domain, like the OTN forums, from within PL/SQL procedures that are calling UTL_HTTP.
These procedures have been working for more than one year and no changes in the code have been done in the last months.
I checked the Oracle Wallet and apparently there is only one expired certificate in the trusted certificates chain:
# Subject Name: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
# Issuer Name: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
# Expiration Date: January 8, 2010
These certificates are installed automatically when Oracle creates a new wallet, if I got it right, something I made back in 2011, so the certificate was already expired by then.
I am not even sure that this particular certificate is the problem, I am just guessing.
I checked some blog postings and as far as I can see all of them are dealing with cases of expired certificates.
Any ideas on how to verify if this specific certificate is the troublemaker?
If yes, any ideas on how to get a new trusted certificate chain?
Ok, I figured it out myself, Oracle.com must have changed the certificate chain required to access their web sites and the old ones don't work anymore.
I installed the missing certificates by looking at the new certificate chain using a browser and exporting the relevant certificates, then I imported them in the wallet.
It was a painful trial and error process, but eventually I sorted it out.
I can see the certificate now used on this site was issued on 2-11-2012, given some internal time to process it may have been instated exactly
when you start noticing the failures, please be advised the certificate will expire already 23-3-2013 so sometime before that the story will start over,