Hi,
On Oracle 19.3 EE, and trying to call a REST service that requires a client certificate.
I got issued a .pfx/.p12 file with the client certificate to use. Could not use that just straight up as a wallet (bad magic number).
So I created a new Wallet using orapki as described in: Converting 3rd Party pkcs12 or .pfx Wallets for use with Oracle 12 (Doc ID 2147608.1)
Added the end servers intermediary certificate (for the https access) to the newly created walllet. So now the wallet has the client certificate plus 2 server certificates that came with it originally and intermediate certificate of the end server.
ACL created to give my schema user privilege to use client certificates:
exec DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('all_access.xml','SCHEMA', true, 'connect');
exec DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('all_access.xml','SCHEMA', true, 'use-client-certificates');
exec DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL('all_access.xml','file:/etc/ORACLE/WALLETS/oracle/custom/certwallet);
When I try to call a resource that requires the client certificate, I either get an immediate ORA-29276: transfer timeout (I have timeout set to 30 seconds, this comes immediately) or I get a 403 indicating that UTL_HTTP is not sending the client certificate credentials.
How do I tell UTL_HTTP to use a specific certificate with a certain host?
The wallet I created will only work with this specific host.
Using this certificate in Postman was a piece of cake. Just added the certificate and attached it to a host and after that all REST requests worked without any issue, how can I achieve that in PL/SQL? :)
Regards
Oli