ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-29024: Certificate valida
[message #675199]
Thu, 14 March 2019 08:49
select utl_http.request ('https:\\www.oracle.com\index.html',NULL,'file:d:\appl\fiskalizacija\arhiva','xxx') FROM DUAL;
returns
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1720
ORA-29024: Certificate validation failure
What I have done:
On the server, using Oracle Wallet 12.1.0.1, I imported three certificates using the Chrome browser.
First : DigiCert Global Root CA
Second : DigiCert SHA2 secure Servers CA
Third : www-cs-01.oracle.com
I am sure that the path for the ewallet in the select is OK.
I am sure that the password for the ewallet is OK.
What am I doing wrong?
Re: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-29024: Certificate valida
[message #675200 is a reply to message #675199]
Thu, 14 March 2019 09:08
Could be many things, but one clear problem is that the hostname in the URL (www.oracle.com) doesn't match the name in the certificate (www-cs-01.oracle.com). When you upgrade to 12.2, you'll find the utl_http.request and many other procedures have another argument:
FUNCTION REQUEST RETURNS VARCHAR2
 Argument Name                  Type                    In/Out Default?
 ------------------------------ ----------------------- ------ --------
 URL                            VARCHAR2                IN
 PROXY                          VARCHAR2                IN     DEFAULT
 WALLET_PATH                    VARCHAR2                IN     DEFAULT
 WALLET_PASSWORD                VARCHAR2                IN     DEFAULT
 HTTPS_HOST                     VARCHAR2                IN     DEFAULT
See that last one? Setting that to the name in the certificate fixes the problem.
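The call described above, as an added example that is not part of the original reply: a PL/SQL block for Oracle Database 12.2 or later that passes https_host to UTL_HTTP.BEGIN_REQUEST and prints the full error stack when the request fails. The wallet path and password are sample values to replace with your own; the URL and certificate name are the ones discussed in this thread.

```sql
-- Added example; requires 12.2+ (the HTTPS_HOST argument does not exist in 12.1).
SET SERVEROUTPUT ON
DECLARE
  l_req   UTL_HTTP.req;
  l_resp  UTL_HTTP.resp;
  l_line  VARCHAR2(32767);
BEGIN
  -- Sample wallet location and password (assumptions): the wallet holds the
  -- trusted CA certificates that sign the server's certificate.
  UTL_HTTP.set_wallet('file:/apps/oracle/test', 'nothing_critical');

  -- Raise the specific exception instead of the generic request_failed.
  UTL_HTTP.set_detailed_excp_support(TRUE);

  -- https_host is the name matched against the server certificate.
  -- When it is NULL, the host name from the URL is used for the match.
  l_req := UTL_HTTP.begin_request(
             url        => 'https://www.oracle.com/index.html',
             method     => 'GET',
             https_host => 'www-cs-01.oracle.com');

  l_resp := UTL_HTTP.get_response(l_req);
  DBMS_OUTPUT.put_line('HTTP status: ' || l_resp.status_code);

  -- Read the body line by line; end_of_body marks normal completion.
  BEGIN
    LOOP
      UTL_HTTP.read_line(l_resp, l_line, TRUE);
      DBMS_OUTPUT.put_line(l_line);
    END LOOP;
  EXCEPTION
    WHEN UTL_HTTP.end_of_body THEN
      UTL_HTTP.end_response(l_resp);
  END;
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-29273 wraps the underlying cause (for example ORA-29024),
    -- so print the whole stack rather than only the top-level message.
    DBMS_OUTPUT.put_line(DBMS_UTILITY.format_error_stack);
    DBMS_OUTPUT.put_line(DBMS_UTILITY.format_error_backtrace);
END;
/
```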
Re: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-29024: Certificate valida
[message #675208 is a reply to message #675204]
Fri, 15 March 2019 01:45
@John .. forms are not a problem since this is pure PL/SQL from the database (there is another user without forms and on the same database version)
@dwatkins
I am really a beginner in security, but I have used a wallet before on a previous database version (and of course with a different kind of certificates) and never had such a problem.
Could you be more precise about which certificate I should leave in the wallet?
On www.oracle.com there are three certificates in the chain:
DigiCert Global Root CA
Digicert SHA2 Secure Server CA
www-cs-01.oracle.com
I tried all combinations in the wallet, but all lead to the same error
Wallet with only DigiCert Global Root CA --> ORA-29024: Certificate validation failure
Wallet with DigiCert Global Root CA and Digicert SHA2 Secure Server CA --> ORA-29024: Certificate validation failure
Wallet with all three --> ORA-29024: Certificate validation failure
Wallet with only www-cs-01.oracle.com --> ORA-29024: Certificate validation failure
Re: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-29024: Certificate valida
[message #675211 is a reply to message #675210]
Fri, 15 March 2019 02:52
...following on from John, but with access control
$ orapki wallet create -wallet test -pwd nothing_critical -auto_login
$ orapki wallet add -wallet test -cert digicert-root.cer -trusted_cert -pwd nothing_critical
$ orapki wallet add -wallet test -cert digicert-intermediate.cer -trusted_cert -pwd nothing_critical
$ orapki wallet display -wallet test
Oracle PKI Tool : Version 12.1.0.2
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
-- Allow database user DANIEL to use the wallet for outbound requests
begin
  DBMS_NETWORK_ACL_ADMIN.APPEND_WALLET_ACE(
    wallet_path => 'file:///apps/oracle/test',
    ace         => xs$ace_type(privilege_list => xs$name_list('use_client_certificates'),
                               principal_name => 'daniel',
                               principal_type => xs_acl.ptype_db));
end;
/
-- Allow DANIEL to resolve *.oracle.com hosts and to connect to them on port 443
BEGIN
  DBMS_NETWORK_ACL_ADMIN.append_host_ace (
    host => '*.oracle.com',
    ace  => xs$ace_type(privilege_list => xs$name_list('resolve'),
                        principal_name => 'daniel',
                        principal_type => xs_acl.ptype_db));
  DBMS_NETWORK_ACL_ADMIN.append_host_ace (
    host       => '*.oracle.com',
    lower_port => 443,
    ace        => xs$ace_type(privilege_list => xs$name_list('connect'),
                              principal_name => 'daniel',
                              principal_type => xs_acl.ptype_db));
END;
/
SQL*Plus: Release 12.1.0.2.0 Production on Fri Mar 15 18:42:07 2019
Last Successful login time: Fri Mar 15 2019 18:34:58 +11:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Advanced Analytics and Real Application Testing options
SQL> select utl_http.request('https://www.oracle.com/index.html',NULL,'file:/apps/oracle/test','nothing_critical') from dual;
UTL_HTTP.REQUEST('HTTPS://WWW.ORACLE.COM/INDEX.HTML',NULL,'FILE:/APPS/ORACLE/TES
--------------------------------------------------------------------------------
<!DOCTYPE html>
<html lang="en-US" class="no-js">
<!-- start : Framework/HomePage -->
<!-- start : ocom/common/global/components/framework/head -->
<!-- start : ocom/common/global/components/head -->
<title>Oracle | Integrated Cloud Applications and Platform Services</title>
Re: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-29024: Certificate valida
[message #675212 is a reply to message #675210]
Fri, 15 March 2019 03:04
It seems that SQL Developer is the source of the problem!
Everything works perfectly with sqlplus on both sides, database and client.
But running through SQL Developer version 18.3.0.277 (Build 277.2354) shows errors!
Re: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1720 ORA-29024: Certificate valida
[message #675223 is a reply to message #675212]
Fri, 15 March 2019 04:58
Thanks all for the help ..
But I used this example because I have the same problem with a different web site (since oracle.com behaves the same, I showed that example)
Initially I had a problem accessing this site
https://cis.porezna-uprava.hr:8449/FiskalizacijaService
but I am not sure whether this is an Oracle problem or a certificate problem
For that site I also get the same error, ORA-29024: Certificate validation failure (now I test using SQL*Plus). I have imported all (I think) certificates into the wallet. What confuses me is that if I try to access it through a browser (Mozilla, for example) I get a message that the connection is not secure. Is it maybe a "bad" certificate on the host site?