使用utl_http& 12c上的钱包:证书验证失败

本文介绍了使用utl_http& 12c上的钱包:证书验证失败的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

希望有人能发现我在做错事，因为我正为此秃头.

Hope someone can spot what I'm doing wrong as I'm going bald from this.

我使用了utl_http&钱包可以轻松地在11gR1上调用https，但是我们新安装的12c给我带来了很多麻烦.

I have used utl_http & wallets to call https on 11gR1 without much trouble, but our new 12c installation is causing me a lot of grief.

我尝试同时使用oracle钱包管理器和命令行导入可信证书，但没有成功.我知道oracle在缓存钱包方面可能会很挑剔，因此我尝试了多个新会话，但没有任何运气.

I have tried importing the trusted certificate using both oracle wallet manager, and command line, without any success.I know that oracle can be picky as to caching the wallet, so I have tried multiple new sessions without any luck.

我已经为* .presstogo.com，Geotrust SSL CA& Geotrust全球CA.

I have downloaded the three neccessary certificates for *.presstogo.com, Geotrust SSL CA & Geotrust Global CA.

我构建钱包的命令行版本如下:

The command-line version of my building the wallet is as follows:

orapki wallet create -wallet /oracle/product/12.0.1/owm/wallets/test1237 -pwd test=1237 -auto_login
orapki wallet add -wallet /oracle/product/12.0.1/owm/wallets/test1237 -trusted_cert -cert "*.presstogo.com" -pwd test=1237
orapki wallet add -wallet /oracle/product/12.0.1/owm/wallets/test1237 -trusted_cert -cert "GeoTrust SSL CA" -pwd test=1237
orapki wallet add -wallet /oracle/product/12.0.1/owm/wallets/test1237 -trusted_cert -cert "Geotrust Global CA" -pwd test=1237
orapki wallet display -wallet /oracle/product/12.0.1/owm/wallets/test1237
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=GeoTrust SSL CA,O=GeoTrust\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
Subject:        CN=*.presstogo.com,OU=IT,O=Press to go AS,L=Oslo,ST=Norway,C=NO,SERIAL_NUM=SJYpOHrRdCDHE8KZ6dRFGMJthOjs7-v3

好的，让我们测试一下.登录到sqlplus并运行以下命令:

Ok, lets test this. Login to sqlplus and run the following:

declare
    lo_req    utl_http.req;
    lo_resp   utl_http.resp;
begin
    utl_http.set_detailed_excp_support ( true );
    utl_http.set_wallet ( 'file:/oracle/product/12.0.1/owm/wallets/test1237', 'test=1237');
    lo_req := utl_http.begin_request ( 'https://production.presstogo.com/mars/hello' );
    lo_resp := utl_http.get_response ( lo_req );
    -- A successfull request would have the status code "200".
    dbms_output.put_line ( lo_resp.status_code );
    utl_http.end_response ( lo_resp );
exception
  when others then
    utl_http.end_response ( lo_resp );
    raise;
end;

声明

第1行出现错误:

ORA-29273:HTTP请求失败

ORA-29273: HTTP request failed

ORA-06512:位于"SYS.UTL_HTTP"的第1130行

ORA-06512: at "SYS.UTL_HTTP", line 1130

ORA-29024:证书验证失败

ORA-29024: Certificate validation failure

ORA-06512:在第6行

ORA-06512: at line 6

记录下来，值得注意的是以下内容确实有效:

For the record, It is worth noting that the following does work:

declare
    lo_req    utl_http.req;
    lo_resp   utl_http.resp;
begin
    utl_http.set_wallet ( 'file:/oracle/product/12.0.1/owm/wallets/test1237', 'test=1237');
    lo_req := utl_http.begin_request ( 'https://www.google.be' );
    lo_resp := utl_http.get_response ( lo_req );
    dbms_output.put_line ( lo_resp.status_code );
    utl_http.end_response ( lo_resp );
end;
/

救救我，欧比旺，你是我唯一的希望.

12c上的钱包

使用utl_http&amp; 12c上的钱包:证书验证失败

问题描述

推荐答案

使用utl_http& 12c上的钱包:证书验证失败