
Oracle 19c - ORA-29024 (Certificate validation failure)


I am trying to use UTL_HTTP package to send requests to a remote web server. It works well using normal HTTP but when I try to use HTTPS, I always get ORA-29024.

What I did so far:

  • Create a wallet:

      mkdir /oracle/admin/mydb/my_wallet
      orapki wallet create -wallet /oracle/admin/valdb/my_walled -pwd mypwd -auto_login

  • Used Chrome to browse to the https website and downloaded the certificate to a p7b file

  • Stored the p7b file on the database machine in /tmp/mycert.p7b

  • Imported the certificate into the wallet: orapki wallet add -wallet /oracle/admin/mydeb/my_wallet/ -trusted_cert cert "/tmp/mycert.p7b" -pwd mypwd

  • Checked the wallet status: orapki wallet display -wallet /oracle/admin/mydb/my_wallet =>

      Requested Certificates:
      User Certificates:
      Trusted Certificates:
      Subject:        CN=*.remote.server.com
      Subject:        CN=ISRG Root X1,O=Internet Security Research Group,C=US
      Subject:        CN=R3,O=Let's Encrypt,C=US
    
  • Tried to send a request:

      EXEC UTL_HTTP.set_wallet('file:/oracle/admin/mydb/my_wallet', 'mypwd');
      select UTL_HTTP.REQUEST('https://mes.customer.remove.server.com',NULL,'file:/oracle/admin/mydb/my_wallet','mypwd') from dual;
    

But unfortunately the return was:

    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1530
    ORA-29024: Certificate validation failure
    ORA-06512: at "SYS.UTL_HTTP", line 380
    ORA-06512: at "SYS.UTL_HTTP", line 1470
    ORA-06512: at line 1

Any idea what else I could try?

Can it be caused because the certificate is a wildcard (*) certificate?


Solution

  • I have the same exact error, and yes, it's because it is a wildcard certificate. What I did on 19c was to delete only the wildcard certificate from the wallet, but left all the others from the certification path, and it worked. However, the same behaviour doesn't apply on 12.2.0. Tell me if it worked for you too on 19c.
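
The fix described in the answer (drop only the server certificate, keep the CA certificates of the chain) can be prepared from the `orapki wallet display` output. The script below is an added example, not part of the original post: the function names and the "CN looks like a host name" heuristic are assumptions, the sample listing is constructed from the one in the question, and the printed `orapki wallet remove ... -dn ... -trusted_cert` command should be checked against the help output of your orapki version before it is run.

```shell
#!/bin/sh
# Added example: find server (end-entity) certificates among the trusted
# entries of `orapki wallet display` output and print removal commands.

# Heuristic (assumption): a trusted entry whose CN is a wildcard or a dotted
# host name without spaces is a server certificate, not a CA certificate.
leaf_subjects() {
    awk '
        /^[ \t]*Trusted Certificates:/           { in_trusted = 1; next }
        /^[ \t]*(Requested|User) Certificates:/  { in_trusted = 0; next }
        in_trusted && /^[ \t]*Subject:/ {
            dn = $0
            sub(/^[ \t]*Subject:[ \t]*/, "", dn)
            cn = dn
            sub(/^.*CN=/, "", cn)   # text after CN=
            sub(/,.*$/, "", cn)     # cut at the next DN component
            if (cn ~ /^\*\./ || cn ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/)
                print dn
        }
    '
}

# Print (do not run) one removal command per server certificate found on
# stdin. $1 is the wallet directory; -pwd is left out so that orapki asks
# for the wallet password instead of having it on the command line.
removal_commands() {
    leaf_subjects | while IFS= read -r dn; do
        printf 'orapki wallet remove -wallet %s -dn "%s" -trusted_cert\n' "$1" "$dn"
    done
}

# Constructed sample input, modelled on the listing in the question.
sample_display() {
    cat <<'EOF'
      Requested Certificates:
      User Certificates:
      Trusted Certificates:
      Subject:        CN=*.remote.server.com
      Subject:        CN=ISRG Root X1,O=Internet Security Research Group,C=US
      Subject:        CN=R3,O=Let's Encrypt,C=US
EOF
}

sample_display | removal_commands /oracle/admin/mydb/my_wallet
```

Against a real wallet, pipe `orapki wallet display -wallet <dir>` into `removal_commands <dir>` and review the printed lines before running them.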