Monday, May 22, 2023

Oracle Database 19c -- ORA-29024: Certificate validation failure


Trying to access a web resource you get error:

SQL> select utl_http.request('') from dual;

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1530
ORA-29024: Certificate validation failure
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1470
ORA-06512: at line 1


There could be two issues causing the above error:

1) The web host is not supporting TLSv1.2, or

2) Oracle wallet is not used, or the wallet is lacking the required Root CAs and/or Intermediate certificates to validate the web resource

To add the required certificates to an Oracle wallet:

1) Create an Oracle wallet if one does not yet exist. See link for more help

Oracle Database 19c -- Create an Oracle Wallet to Store SSL Certificates

2) Identify the Root CA certificates of the web resource:

Oracle Linux 7 -- How To Get A Topmost Root CA Of A Web Resource

3) Add the certificates to the wallet:

$ orapki wallet add -wallet <wallet_location> -trusted_cert -cert <path_to_cert_file>

4) Access the Internet resource, specifying the wallet location:

SQL select utl_http.request(
       '', null,
    from dual;

For PL\SQL code, you may also use UTL_HTTP.SET_WALLET procedure for convenience


No comments: