Hi Guys,
I am having a hard time getting a connection with client_certificate done with UTL_HTTP. Maybe you see what I am missing:
We have a wallet with a client certificate and the other necessary trusted certificates:
[oracle@s-bn-or-01 eRechnung]$ orapki wallet display -wallet /orabin/wallet-usercrt
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle und/oder der verbundenen Unternehmen. All rights reserved. Alle Rechte vorbehalten.
Requested Certificates:
User Certificates:
Subject: CN=GRP: prod.xrechnung….,C=DE
Trusted Certificates:
Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
Subject: CN=DFN-Verein Certification Authority 2,OU=DFN-PKI,O=Verein …,C=DE
Subject: CN=DFN-Verein Global Issuing CA,OU=DFN-PKI,O=Verein …C=DE
We are running a simple request with the wallet, the proxy, the password and hopefully the client_certificate:
create or replace
PROCEDURE check_url is
  l_http_request  UTL_HTTP.req;
  l_http_response UTL_HTTP.resp;
  l_text          VARCHAR2(32767);
  request_context UTL_HTTP.REQUEST_CONTEXT_KEY;
BEGIN
  -- Create a request context with its wallet and cookie table
  request_context := UTL_HTTP.CREATE_REQUEST_CONTEXT(
    wallet_path          => 'file:/orabin/wallet-usercrt',
    wallet_password      => 'xxx',
    enable_cookies       => TRUE,
    max_cookies          => 300,
    max_cookies_per_site => 20);
  -- Make a HTTP request and get the response.
  UTL_HTTP.set_wallet('file:/orabin/wallet-usercrt', null); -- it makes no difference with or without pwd
  UTL_HTTP.SET_PROXY('my_proxy:80');
  l_http_request := utl_http.begin_request (url => 'https://xrechnung/xxx/yyy/rechnungen',
                                            method => 'GET',
                                            request_context => request_context);
  utl_http.set_authentication(r => l_http_request, username => 'user_xxx', password => 'pwd_yyy', scheme => 'Basic', for_proxy => false);
  l_http_response := UTL_HTTP.get_response(l_http_request);
  -- Loop through the response.
  BEGIN
    LOOP
      UTL_HTTP.read_text(l_http_response, l_text, 32766);
      DBMS_OUTPUT.put_line (l_text);
    END LOOP;
  EXCEPTION
    WHEN UTL_HTTP.end_of_body THEN
      UTL_HTTP.end_response(l_http_response);
  END;
EXCEPTION
  WHEN OTHERS THEN
    UTL_HTTP.end_response(l_http_response);
    RAISE;
END;
Response:
set serveroutput on;
begin
check_url;
end;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<!--
This is a WebSEAL error message template file. It is used
by the WebSEAL server to build a response when a particular
error occurs. This file can be modified as appropriate.
Error details:
* Code: 0x38cf0427
* Text: Forbidden
Do you have an idea what I am doing wrong, why the responding site does not accept the certificate? It is working fine with SOAP_UI or a direct HTTPS call with client certificate via IE11.
We are getting the same response as if we were not connecting with a client certificate. It seems the call does not take the client certificate.
Frank