Pkcs12 Certificate

I need to access https://wodlab.myshopify.com website with UTL_HTTPS in Oracle 11G XE. Generally this is done by downloading SSL Certificates from a browser like Firefox and make a Wallet using Oracle Wallet Manager. But Oracle XE does not have Wallet. I found a solution at; https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet and it is working fine except for https://wodlab.myshopify.com

I downloaded certificates from Firefox in X.509 Certificate with chain (PEM) format then ran following command:

openssl pkcs12 -export -in myshopify.com -out ewallet.p12 -nokeys

Now I tried access the site with Oracle:

select utl_http.request('https://wodlab.myshopify.com', NULL,'file:/home/oracle/wallets/myshopify.com','mypassword') from dual;

Open in new window

and get error:

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-28857: Unknown SSL error
ORA-06512: at line 1

Open in new window


This very same process works for several different sites I have tried including https://shop.oracle.com and https://www.shopify.com but just not for https://wodlab.myshopify.com. Can someone please help me identify the reason and fix it? I will be really thankful.

Also is there a way to test the generated Pkcs12 certificate so that can verify/debug outside Oracle first?
sysautomationAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
I am relooking at different post per se for use of similar https  calling, do check out the step through in the post. It did  mentioned certain limitation in using the browser for exporting
http://blog.whitehorses.nl/2010/05/27/access-to-https-via-utl_http-using-the-orapki-wallet-command/

some key note extracted below
- In Windows Vista or Windows 7 you must run Internet Explorer as Administrator before the [Copy to File...] button is enabled
- Export it to a [Base-64 encoded X.509 (.CER)] file.
- Exporting the complete chain in Firefox does not work when importing to the wallet.
- Point to the location of the wallet, do not include the wallet file name
Other (http://ilmarkerm.blogspot.sg/2012/06/using-ssl-clint-certificates-for.html) mention on some ACL which I suspect not really contributory but just to share.
The network ACL needs also privileges on the Wallet file using DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sysautomationAuthor Commented:
Thanks but I found the reason is Oracle 11.2.0.2.0 doesn't support SHA-2 signed certificates. The certificates which are working fine are signed with SHA-1. Not sure how to handle this now as I am using Oracle XE which is 11.2.0.2.0 and cannot be patched.
Thinking of finding some way to handle this through some type of proxy which Oracle sends to in http whereas the proxy sends to the server in https. Any ideas are welcome.
0
btanExec ConsultantCommented:
sure open another question to larger EE pool :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.