Skip to Main Content
Forums

SQL & PL/SQL

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

ORA-29024: Certificate validation failure

MacFizzJun 11 2020 — edited Jun 11 2020

Hello

I'm trying to setup an https connexion.

For my tests I've followed this guide: http://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtml trying to connect to the centos.org website.

Exporting the certificates and creating the wallet worked without any problems, however, when trying to connect I always get an ORA-29024 error.

Here's the pl/sql I'm using to connect:

declare

HTTP_REQ UTL_HTTP.REQ;

HTTP\_RESP     UTL\_HTTP.RESP;

URL\_TEXT      VARCHAR2(32767);

BEGIN

DBMS\_OUTPUT.ENABLE(1000000);

UTL\_HTTP.SET\_WALLET('file:C:\\Oracle\\Admin\\hlmwin\\test\_wallet');

HTTP\_REQ  := UTL\_HTTP.BEGIN\_REQUEST('[https://www.centos.org/');](https://www.centos.org/');)

UTL\_HTTP.SET\_HEADER(HTTP\_REQ, 'User-Agent', 'Mozilla/4.0');

HTTP\_RESP := UTL\_HTTP.GET\_RESPONSE(HTTP\_REQ);

-- Process Request

LOOP

    BEGIN

        URL\_TEXT := null;

        UTL\_HTTP.READ\_LINE(HTTP\_RESP, URL\_TEXT, TRUE);

        DBMS\_OUTPUT.PUT\_LINE(URL\_TEXT);

        EXCEPTION

            WHEN OTHERS THEN EXIT;

    END;

END LOOP;

UTL\_HTTP.END\_RESPONSE(HTTP\_RESP);

END;

Here's the certificate PEM (chain) from centos.org:

-----BEGIN CERTIFICATE-----

MIIFmTCCBIGgAwIBAgIQD4G8kv+vQ4ZNzMKm0TpzvjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNzA3MDMwMDAwMDBaFw0yMDA5MDkxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRMwEQYDVQQDEwpjZW50b3Mub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzTU4kgN5MeS86kUPqY+d9/T5fYa37rIzN7fUNpheQPgGJdrqJA6VJoj+bcQtUwKpAxY/RNrSLp7+Glna8Y8doQC02IoynoACjFv8Wp7DN9EMFLd1ALh3uDMIOLlDsp1SpJEN2HVN72FaJSUy2hstGGEWGl0f5rXyTp+L1TTNfwPhSnPEVkvApNQMixtxYSEj9ojsptuMaLvxd1sbzn7JJc1G+N0f+xkO8tLnjxOWgG/6MR4PTDfgRiMjZ6zonDPpkjmxX87EpQW3El4DjkK0BFqJcnk4y+NS16lqVnU1PxSgjMcd7Ed+ODDJbQ/2QzK024YGuQayFn/kcfGPUKR2wIDAQABo4ICOTCCAjUwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFD5Rm3BJxTpsjLh/O8kUZmgwYFohMGsGA1UdEQRkMGKCCmNlbnRvcy5vcmeCDnd3dy5jZW50b3Mub3JnghNwcm9qZWN0cy5jZW50b3Mub3Jngg9idWdzLmNlbnRvcy5vcmeCD3dpa2kuY2VudG9zLm9yZ4INZnIuY2VudG9zLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMS5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQARoWFmZh+2cEJQh70jI2cI4Ib+adMKQCLIPEaxMjefdDhnW5gDKMcPdm4Iew8r0t2g+c7zJZJXBxDwWXtewMHi8LMBKnGZA0UY7U28gRJ/MIwwivIoqvwmmpacAFfF9Dj59fsyyqmSfUlcpD6uJDW4M9c0h6S9ctyHSN6J/AgLuOP4fEZijNhDGe0auTlQWECdpiAax1acWLiBZjO6bJqEq5bEnmrtiR3Fx/E77aUuwORh8kGALYc8TBce9u071uwIPeDlo9bc1QGp+7GscvPY48WO7uIur2GVLm7eK+U6B7ENQZ6SXaaTUe+U0Pnjdj8mlDuVBLdYyBxI6hCNqU3R

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ=

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCevEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K

-----END CERTIFICATE-----

Here's the screenshot of the brand new created wallet after importing the certificates:

pastedImage_5.png

Here's the result when executing the script:

Rapport d'erreur -

ORA-29273: échec de demande HTTP

ORA-06512: à "SYS.UTL_HTTP", ligne 1130

ORA-29024: Echec de validation de certificat

ORA-06512: à ligne 10

29273. 00000 - "HTTP request failed"

*Cause: The UTL_HTTP package failed to execute the HTTP request.

*Action: Use get_detailed_sqlerrm to check the detailed error message.

       Fix the error and retry the HTTP request.

Any clues on what I'm missing here ?

thx
This post has been answered by Paulzip on Jun 11 2020
Jump to Answer
Comments
Post Details
Added on Jun 11 2020
#sql-developer
2 comments
592 views