When I set up something similar on a 10g database I had to explicitly call the utl_http.set_wallet procedure. I had a similar certificate failure error when I tried to combine to two steps into one. I don't know if this would be the same on 11g.
Hey DrabJay, thank you for your reply!
Now i tried the following code:
v_request := UTL_HTTP.BEGIN_REQUEST('https://sub.mydomain.com:8443/'');
v_response := UTL_HTTP.GET_RESPONSE(v_request)
UTL_HTTP.read_text(v_response, v_data, 32767);
WHEN UTL_HTTP.end_of_body THEN
Unfortunately I get the same errors. Maybe there is something wrong with the certificate. I imported one from https://fedoraproject.org/de/ to the wallet Manager and tried the same code (only adjust the url) again. That works!
Do you or does anybody else have an idea?
Sounds like root authority issue. If you are signing your own certificates, then you need your root authority certificate in the wallet too.
PS. Did you generate the certificate request using orapki or owm?
Hi BillyVerreynne, thanks for your reply!
I just tried to work with the certificate request before - unfortunately without success. I also was not sure whether it was necessary, because the request was successful with other not self-generated certificates. To be honest I don't really understand the meaning of the certificate request. Why I can't handle this certificate like the certificate from, e.g. https://fedoraproject.org/de/ ? I'm very confused now. I'd be very grateful if you could post the most important steps or refer to some useful references to get this request working.
1 person found this helpful
I believe the Oracle Wallet is fully detailed in Oracle Wallet Manager and orapki - 11g Release 2 (11.1.2).
I can comment on the approach I used for getting https implemented for Oracle's native web services (publishing a standard PL/SQL procedure as a web service over https).
The Oracle server needs a certificate. For a certificate to be created, a request is required. OWM enables you to generate such a request via the GUI - after which you can send this request to a signing authority to be signed and a certificate provided in return.
You then import that certificate you receive from the signing authority into the wallet. And this certificate will now be used by the Oracle Listener for servicing https connections to the database's XDB component/servlets.
You can also generate your own self-signed certificates using the CLI orapki tool. In this case you will have a certificate to use, but this will be treated with suspicion by clients as it is not signed by a recognised root signing authority.
Oracle's support.oracle.com has several support notes on this specifically - how to use orapki for self-signed certificates.
I have used both methods. Self-signed certificates on development for testing purposes. And generating a request on production that was then signed by a signing authority (after which the supplied certificate was imported into the wallet).
Thank you for your comprehensive reply.
I will try it again and come back soon to share my results.
It seems there was a problem with the self-signed certificate. Now I created it with the help of SelfSSL and the Windows IIS Manager. Thank you all for your help!