I need your help with an Oracle Cloud outgoing connection. We are building a web app on Oracle Cloud (Apex) and need to connect our Apex app to an external webservice. The webservice is called Jokiro (http://jokiro.cz) and it provides an HTTP API at the URL http://api.jokiro.cz. When we try to connect from Oracle Cloud it fails with the following message: "The requested URL has been prohibited. Contact your administrator."
I think it’s because of the missing HTTPS connection. But when we add a certificate to the Jokiro service at the URL "https://www.jokiro.cz/index" it still doesn’t work and returns the message: "ORA-29024: Certificate validation failure"
My question is, what kind of certificate must be provided by external webservice (Jokiro service) so it all works OK?
We are using this code for calling web/webservice:
You are right that you will get the URL prohibited error if the request is not HTTPS. The certificate validation error is caused by the wallet used on the cloud not having the certificate for GeoTrust Global CA (the signer of the certificate presented by https://www.jokiro.cz) in its list of trusted certificates. You will not be able to make a REST request to that resource until the cloud wallet is updated.
I was thinking about this issue and it seems to be exactly as you said. Now, I don't know how to manage the wallet in the cloud - I think it can't be done, Oracle Cloud doesn't provide this feature. So is there a list of trusted certificates somewhere? Please, what does "until the cloud wallet is updated" mean? Is there any chance that the wallet will contain a GeoTrust or StartSSL certificate?
Because this behavior is limiting for Oracle Cloud.
You are correct - Cloud Database Service users cannot manage the Oracle Wallet themselves. The Cloud APEX instance is configured with the Oracle Wallet that includes 76 common root Certificate Authority certificates. The "GeoTrust Global CA" certificate is among them (StartSSL is not).
It seems that you are using the "GeoTrust(R) SSL Trial" certificate, which cannot be validated using the provided Oracle Wallet (perhaps the trial certificate is limited in some way). As an example, I compared the certificate chain used by https://jquery.org/ and it matches yours exactly (same root CA, same intermediate CA). However, they have a "QuickSSL(R)" certificate and it can be successfully validated using the provided Oracle Wallet.
So, it seems that if you upgrade your trial certificate to the full certificate, you should be able to consume your web service from the Cloud Database Service.