Solved

Pkcs12 Certificate

Posted on 2014-11-16
3
1,581 Views
Last Modified: 2014-11-18
I need to access https://wodlab.myshopify.com website with UTL_HTTPS in Oracle 11G XE. Generally this is done by downloading SSL Certificates from a browser like Firefox and make a Wallet using Oracle Wallet Manager. But Oracle XE does not have Wallet. I found a solution at; https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet and it is working fine except for https://wodlab.myshopify.com

I downloaded certificates from Firefox in X.509 Certificate with chain (PEM) format then ran following command:

openssl pkcs12 -export -in myshopify.com -out ewallet.p12 -nokeys

Now I tried access the site with Oracle:

select utl_http.request('https://wodlab.myshopify.com', NULL,'file:/home/oracle/wallets/myshopify.com','mypassword') from dual;

Open in new window

and get error:

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-28857: Unknown SSL error
ORA-06512: at line 1

Open in new window


This very same process works for several different sites I have tried including https://shop.oracle.com and https://www.shopify.com but just not for https://wodlab.myshopify.com. Can someone please help me identify the reason and fix it? I will be really thankful.

Also is there a way to test the generated Pkcs12 certificate so that can verify/debug outside Oracle first?
0
Comment
Question by:sysautomation
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40449211
I am relooking at different post per se for use of similar https  calling, do check out the step through in the post. It did  mentioned certain limitation in using the browser for exporting
http://blog.whitehorses.nl/2010/05/27/access-to-https-via-utl_http-using-the-orapki-wallet-command/

some key note extracted below
- In Windows Vista or Windows 7 you must run Internet Explorer as Administrator before the [Copy to File...] button is enabled
- Export it to a [Base-64 encoded X.509 (.CER)] file.
- Exporting the complete chain in Firefox does not work when importing to the wallet.
- Point to the location of the wallet, do not include the wallet file name
Other (http://ilmarkerm.blogspot.sg/2012/06/using-ssl-clint-certificates-for.html) mention on some ACL which I suspect not really contributory but just to share.
The network ACL needs also privileges on the Wallet file using DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL
0
 

Author Closing Comment

by:sysautomation
ID: 40450225
Thanks but I found the reason is Oracle 11.2.0.2.0 doesn't support SHA-2 signed certificates. The certificates which are working fine are signed with SHA-1. Not sure how to handle this now as I am using Oracle XE which is 11.2.0.2.0 and cannot be patched.
Thinking of finding some way to handle this through some type of proxy which Oracle sends to in http whereas the proxy sends to the server in https. Any ideas are welcome.
0
 
LVL 64

Expert Comment

by:btan
ID: 40451178
sure open another question to larger EE pool :)
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I remember the day when someone asked me to create a user for an application developement. The user should be able to create views and materialized views and, so, I used the following syntax: (CODE) This way, I guessed, I would ensure that useā€¦
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines
This video explains what a user managed backup is and shows how to take one, providing a couple of simple example scripts.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question