Oracle 19c - ORA-29024 (Certificate validation failure)

Question

I am trying to use UTL_HTTP package to send requests to a remote web server. It works well using normal HTTP but when I try to use HTTPS, I always get ORA-29024.

What I did so far:

• Create a wallet: mkdir /oracle/admin/mydb/my_wallet orapki wallet create -wallet /oracle/admin/valdb/my_walled -pwd mypwd -auto_login

• Used Chrome to browse to the https website and downloaded the certificate to a p7b file

• Stored the p7b file on the database machine in /tmp/mycert.p7b

• Imported the certificate into the wallet: orapki wallet add -wallet /oracle/admin/mydeb/my_wallet/ -trusted_cert cert "/tmp/mycert.p7b" -pwd mypwd

• Checked the wallet status: orapki wallet display -wallet /oracle/admin/mydb/my_wallet =>

    Requested Certificates:
    User Certificates:
    Trusted Certificates:
    Subject:        CN=*.remote.server.com
    Subject:        CN=ISRG Root X1,O=Internet Security Research Group,C=US
    Subject:        CN=R3,O=Let's Encrypt,C=US
  

• Tried to send a request:

    EXEC UTL_HTTP.set_wallet('file:/oracle/admin/mydb/my_wallet', 'mypwd');
    select UTL_HTTP.REQUEST('https://mes.customer.remove.server.com',NULL,'file:/oracle/admin/mydb/my_wallet','mypwd') from dual;
  

But unfortunately the return was:

    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1530
    ORA-29024: Certificate validation failure
    ORA-06512: at "SYS.UTL_HTTP", line 380
    ORA-06512: at "SYS.UTL_HTTP", line 1470
    ORA-06512: at line 1

Any idea what else I could try?

Can it be caused because the certificate is a wildcard (*) certificate?

Answer 1

I have the same exact error, and yes it's because it is a wildcard certificate. What I did on 19c was to delete only the wildcard certificate from the wallet, but let all the others from the certification path and it worked. However the same behaviour doesn't apply on 12.2.0 . Tell me it it worked for you too on 19c.