Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Pkcs12 Certificate

Posted on 2014-11-16
3
Medium Priority
?
1,872 Views
Last Modified: 2014-11-18
I need to access https://wodlab.myshopify.com website with UTL_HTTPS in Oracle 11G XE. Generally this is done by downloading SSL Certificates from a browser like Firefox and make a Wallet using Oracle Wallet Manager. But Oracle XE does not have Wallet. I found a solution at; https://blog.hazrulnizam.com/openssl-workaround-oracle-xe-wallet and it is working fine except for https://wodlab.myshopify.com

I downloaded certificates from Firefox in X.509 Certificate with chain (PEM) format then ran following command:

openssl pkcs12 -export -in myshopify.com -out ewallet.p12 -nokeys

Now I tried access the site with Oracle:

select utl_http.request('https://wodlab.myshopify.com', NULL,'file:/home/oracle/wallets/myshopify.com','mypassword') from dual;

Open in new window

and get error:

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1722
ORA-28857: Unknown SSL error
ORA-06512: at line 1

Open in new window


This very same process works for several different sites I have tried including https://shop.oracle.com and https://www.shopify.com but just not for https://wodlab.myshopify.com. Can someone please help me identify the reason and fix it? I will be really thankful.

Also is there a way to test the generated Pkcs12 certificate so that can verify/debug outside Oracle first?
0
Comment
Question by:sysautomation
  • 2
3 Comments
 
LVL 66

Accepted Solution

by:
btan earned 1000 total points
ID: 40449211
I am relooking at different post per se for use of similar https  calling, do check out the step through in the post. It did  mentioned certain limitation in using the browser for exporting
http://blog.whitehorses.nl/2010/05/27/access-to-https-via-utl_http-using-the-orapki-wallet-command/

some key note extracted below
- In Windows Vista or Windows 7 you must run Internet Explorer as Administrator before the [Copy to File...] button is enabled
- Export it to a [Base-64 encoded X.509 (.CER)] file.
- Exporting the complete chain in Firefox does not work when importing to the wallet.
- Point to the location of the wallet, do not include the wallet file name
Other (http://ilmarkerm.blogspot.sg/2012/06/using-ssl-clint-certificates-for.html) mention on some ACL which I suspect not really contributory but just to share.
The network ACL needs also privileges on the Wallet file using DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL
0
 

Author Closing Comment

by:sysautomation
ID: 40450225
Thanks but I found the reason is Oracle 11.2.0.2.0 doesn't support SHA-2 signed certificates. The certificates which are working fine are signed with SHA-1. Not sure how to handle this now as I am using Oracle XE which is 11.2.0.2.0 and cannot be patched.
Thinking of finding some way to handle this through some type of proxy which Oracle sends to in http whereas the proxy sends to the server in https. Any ideas are welcome.
0
 
LVL 66

Expert Comment

by:btan
ID: 40451178
sure open another question to larger EE pool :)
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to protecting Oracle Database servers and systems, there are a ton of myths out there. Here are the most common.
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Suggested Courses
Course of the Month10 days, 6 hours left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question