DBMS_WALLET built-in package to manage certificates via PL/SQL API

MortenBraten

Currently, Oracle Wallets are located in the filesystem and therefore the DBA with OS level access must be involved in adding or updating certificate information. Oracle PL/SQL developers who wish to do secure callouts from the database via UTL_HTTP, APEX_WEB_SERVICE, etc. must therefore communicate with the DBA for certificate maintenance tasks, which is time-consuming.

The idea is to add a built-in PL/SQL package, tentatively named DBMS_WALLET, that could be used to add, update, delete and list certificates and perform other relevant actions. The EXECUTE privilege on the package could be granted to trusted developers. Setup and maintenance of certificates could also be scripted using PL/SQL if this package existed.

Certificates are just plain text, and could therefore be passed to an add/update procedure via a CLOB parameter. The package could handle the storage of the certificate at the OS level, or the certificate could even be stored in some internal database table (this would require a change to how UTL_HTTP retrieves certificate info, though).

See also https://twitter.com/mortenbraten/status/1259587371479203843

FatMartinR

Have always thought it's weird doing it at the OS level.    I bet it causes trouble if you're using Oracle's cloud DBs.

Anton Scheffer

Add the ability to store private keys in the wallet too. I could use that in my sftp package

Omar M. Sawalhah

I am straggling with Office365 SSL certificate and I can't manage it to send emails through business account, I would suggest to have all the related root certificates for all authorities in the planet and updated periodically just to make this as easy as possible.

Regards,

Omar