Solved

Pkcs12 Certificate

Posted on 2014-11-16
3
1,390 Views
Last Modified: 2014-11-18
I need to access https://wodlab.myshopify.com website with UTL_HTTPS in Oracle 11G XE. Generally this is done by downloading SSL Certificates from a browser like Firefox and make a Wallet using Oracle Wallet Manager. But Oracle XE does not have Wallet. I found a solution at; https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet and it is working fine except for https://wodlab.myshopify.com

I downloaded certificates from Firefox in X.509 Certificate with chain (PEM) format then ran following command:

openssl pkcs12 -export -in myshopify.com -out ewallet.p12 -nokeys

Now I tried access the site with Oracle:

select utl_http.request('https://wodlab.myshopify.com', NULL,'file:/home/oracle/wallets/myshopify.com','mypassword') from dual;

Open in new window

and get error:

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-28857: Unknown SSL error
ORA-06512: at line 1

Open in new window


This very same process works for several different sites I have tried including https://shop.oracle.com and https://www.shopify.com but just not for https://wodlab.myshopify.com. Can someone please help me identify the reason and fix it? I will be really thankful.

Also is there a way to test the generated Pkcs12 certificate so that can verify/debug outside Oracle first?
0
Comment
Question by:sysautomation
  • 2
3 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40449211
I am relooking at different post per se for use of similar https  calling, do check out the step through in the post. It did  mentioned certain limitation in using the browser for exporting
http://blog.whitehorses.nl/2010/05/27/access-to-https-via-utl_http-using-the-orapki-wallet-command/

some key note extracted below
- In Windows Vista or Windows 7 you must run Internet Explorer as Administrator before the [Copy to File...] button is enabled
- Export it to a [Base-64 encoded X.509 (.CER)] file.
- Exporting the complete chain in Firefox does not work when importing to the wallet.
- Point to the location of the wallet, do not include the wallet file name
Other (http://ilmarkerm.blogspot.sg/2012/06/using-ssl-clint-certificates-for.html) mention on some ACL which I suspect not really contributory but just to share.
The network ACL needs also privileges on the Wallet file using DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL
0
 

Author Closing Comment

by:sysautomation
ID: 40450225
Thanks but I found the reason is Oracle 11.2.0.2.0 doesn't support SHA-2 signed certificates. The certificates which are working fine are signed with SHA-1. Not sure how to handle this now as I am using Oracle XE which is 11.2.0.2.0 and cannot be patched.
Thinking of finding some way to handle this through some type of proxy which Oracle sends to in http whereas the proxy sends to the server in https. Any ideas are welcome.
0
 
LVL 62

Expert Comment

by:btan
ID: 40451178
sure open another question to larger EE pool :)
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't connect to LDAP over SSL (port 636) 6 64
execute immediate plsql block 5 34
sort a spool into file output in oracle 1 22
Oracle Listener Not Starting 11 27
Cursors in Oracle: A cursor is used to process individual rows returned by database system for a query. In oracle every SQL statement executed by the oracle server has a private area. This area contains information about the SQL statement and the…
I remember the day when someone asked me to create a user for an application developement. The user should be able to create views and materialized views and, so, I used the following syntax: (CODE) This way, I guessed, I would ensure that use…
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now