3 Replies Latest reply: Jun 19, 2014 12:18 AM by Billy~Verreynne

    Webservice + PL/SQL : How to implement Root Certificate & user certificates

    user3347974

      Hi,

       

      I am trying to call out to a web service using UTL_HTTP, and this web service is SSL-enabled and has the following certificates:

       

      1) One is the root certificate, which is a *.p12 file from the browser.

      2) Another is the user certificate, a .cert file. This certificate is for the user account accessing the SSL URL. On top of this there is user authentication, wherein I need to set up the username & password. A freaking secure application.

       

      Now I am not sure how to configure these two in Wallet Manager. I googled this and I can only find a way to implement one certificate.

      How do I install both the user & root certificates using Oracle Wallet Manager?

       

      Am I missing something here?

        • 1. Re: Webservice + PL/SQL : How to implement Root Certificate & user certificates
          Billy~Verreynne

          The complete certificate chain of the secured web service you are calling from Oracle needs to be in the local Oracle wallet.

           

          The default certificate format you need to load as a file, or copy and paste as text, into the Oracle wallet is the PEM format.

           

          You can use your browser (Firefox/Chrome) to access the secured web service (use the WSDL URL) and accept the certificates into your browser's wallet. You can then view the certificate chain of that secured site in the browser, and export the site certificate and any root certificates. The export format is by default PEM. You can then load these into your Oracle wallet via the OWM GUI, or via the command line, e.g.

          orapki wallet add -wallet <wallet_dir> -trusted_cert -cert <certificate.pem> -pwd <wallet_password>

          • 2. Re: Webservice + PL/SQL : How to implement Root Certificate & user certificates
            user3347974

            Thanks Billy!! I tried adding the certificate as you have mentioned. I was able to add the trusted certificate. However, for the user cert, which is a p12 file, I am unable to add it and it's throwing an error stating:

             

            PKI-04001: Invalid Certificate.

            Could not install user cert at <LOCATION>/xxxxxxxx.p12

            Please add all trusted certificates before adding the user certificate

             

            Can orapki handle a *.p12 certificate?

             

            Any pointers will be much appreciated.

             

            Cheers

            • 3. Re: Webservice + PL/SQL : How to implement Root Certificate & user certificates
              Billy~Verreynne

              The error seems to be with the certificate chain - trusted certificates need to be loaded prior to user certificates.

               

              A certificate like the one used for this Oracle community web site is signed by GeoTrust Inc. If you do not have the GeoTrust (root authority) certificate in your wallet, you cannot trust this web site's certificate. (Click on the https icon in the address bar in your browser to see.)

               

              So my guess is that your wallet cannot accept the user certificate as it was signed by an unknown party - i.e. you do not have a trusted certificate for the organisation that signed the user certificate.

               

              It is important to import the complete chain of certificates in your wallet.
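
The chain rule discussed in this thread, as an added example that is not part of any post: a shell helper that checks whether every issuer between a user certificate and a self-signed root is present, and prints the trusted-certificate imports root-first. The function names, the file names and the made-up hash values in the sample are assumptions; the `orapki` line is the one quoted in reply 1.

```shell
#!/bin/sh
# Added example: check that a certificate chain is complete, then list the
# trusted-cert imports root-first. File and wallet names are placeholders.

# cert_ids FILE...: print "file subject_hash issuer_hash" per PEM certificate.
cert_ids() {
  for f in "$@"; do
    s=$(openssl x509 -in "$f" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$f" -noout -issuer_hash) || return 1
    printf '%s %s %s\n' "$f" "$s" "$i"
  done
}

# chain_order LEAF: read cert_ids lines on stdin, follow issuer links from LEAF
# to a self-signed root, print the CA files root-first. On a gap, print which
# issuer is missing and return 1. (File names must not contain spaces.)
chain_order() {
  awk -v leaf="$1" '
    { subj[$1] = $2; iss[$1] = $3; by_subj[$2] = $1 }
    END {
      if (!(leaf in subj)) { print "MISSING " leaf; exit 1 }
      cur = leaf; n = 0
      while ((subj[cur] "") != (iss[cur] "")) {   # string compare; stop at root
        want = iss[cur]
        if (!(want in by_subj)) { print "MISSING issuer " want " of " cur; exit 1 }
        cur = by_subj[want]
        if (seen[cur]++) { print "LOOP at " cur; exit 1 }
        chain[++n] = cur
      }
      for (k = n; k >= 1; k--) print chain[k]     # root first
    }'
}

# wallet_plan WALLET LEAF: same stdin; print (do not run) the orapki commands.
wallet_plan() {
  order=$(chain_order "$2") || { echo "$order" >&2; return 1; }
  for ca in $order; do
    printf 'orapki wallet add -wallet %s -trusted_cert -cert %s -pwd <wallet_password>\n' "$1" "$ca"
  done
}

# Constructed sample (made-up hash values): user cert <- intermediate <- root.
sample='user.pem aaaa1111 bbbb2222
inter.pem bbbb2222 cccc3333
root.pem cccc3333 cccc3333'
printf '%s\n' "$sample" | wallet_plan '<wallet_dir>' user.pem
```

With real files, feed it from `cert_ids user.pem ca1.pem ca2.pem | wallet_plan <wallet_dir> user.pem`; a `MISSING issuer` line names the certificate whose signer still has to be exported and added as trusted.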