Pkcs12 Certificate

I need to access https://wodlab.myshopify.com website with UTL_HTTPS in Oracle 11G XE. Generally this is done by downloading SSL Certificates from a browser like Firefox and make a Wallet using Oracle Wallet Manager. But Oracle XE does not have Wallet. I found a solution at; https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet and it is working fine except for https://wodlab.myshopify.com

I downloaded certificates from Firefox in X.509 Certificate with chain (PEM) format then ran following command:

openssl pkcs12 -export -in myshopify.com -out ewallet.p12 -nokeys

Now I tried access the site with Oracle:

select utl_http.request('https://wodlab.myshopify.com', NULL,'file:/home/oracle/wallets/myshopify.com','mypassword') from dual;

Open in new window

and get error:

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-28857: Unknown SSL error
ORA-06512: at line 1

Open in new window


This very same process works for several different sites I have tried including https://shop.oracle.com and https://www.shopify.com but just not for https://wodlab.myshopify.com. Can someone please help me identify the reason and fix it? I will be really thankful.

Also is there a way to test the generated Pkcs12 certificate so that can verify/debug outside Oracle first?
sysautomationAsked:
Who is Participating?
 
btanExec ConsultantCommented:
I am relooking at different post per se for use of similar https  calling, do check out the step through in the post. It did  mentioned certain limitation in using the browser for exporting
http://blog.whitehorses.nl/2010/05/27/access-to-https-via-utl_http-using-the-orapki-wallet-command/

some key note extracted below
- In Windows Vista or Windows 7 you must run Internet Explorer as Administrator before the [Copy to File...] button is enabled
- Export it to a [Base-64 encoded X.509 (.CER)] file.
- Exporting the complete chain in Firefox does not work when importing to the wallet.
- Point to the location of the wallet, do not include the wallet file name
Other (http://ilmarkerm.blogspot.sg/2012/06/using-ssl-clint-certificates-for.html) mention on some ACL which I suspect not really contributory but just to share.
The network ACL needs also privileges on the Wallet file using DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL
0
 
sysautomationAuthor Commented:
Thanks but I found the reason is Oracle 11.2.0.2.0 doesn't support SHA-2 signed certificates. The certificates which are working fine are signed with SHA-1. Not sure how to handle this now as I am using Oracle XE which is 11.2.0.2.0 and cannot be patched.
Thinking of finding some way to handle this through some type of proxy which Oracle sends to in http whereas the proxy sends to the server in https. Any ideas are welcome.
0
 
btanExec ConsultantCommented:
sure open another question to larger EE pool :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.