我用过utl_http&钱包在11gR1上调用https没有太大麻烦,但是我们新的12c安装让我感到非常悲痛.
我尝试使用oracle钱包管理器和命令行导入可信证书,但没有任何成功.
我知道oracle可以挑选缓存钱包,所以我尝试了多次没有运气的新会话.
我已经下载了三个必要的证书* .presstogo.com,Geotrust SSL CA& Geotrust Global CA.
我构建钱包的命令行版本如下:
orapki wallet create -wallet /oracle/product/12.0.1/owm/wallets/test1237 -pwd test=1237 -auto_login orapki wallet add -wallet /oracle/product/12.0.1/owm/wallets/test1237 -trusted_cert -cert "*.presstogo.com" -pwd test=1237 orapki wallet add -wallet /oracle/product/12.0.1/owm/wallets/test1237 -trusted_cert -cert "GeoTrust SSL CA" -pwd test=1237 orapki wallet add -wallet /oracle/product/12.0.1/owm/wallets/test1237 -trusted_cert -cert "Geotrust Global CA" -pwd test=1237 orapki wallet display -wallet /oracle/product/12.0.1/owm/wallets/test1237 Oracle PKI Tool : Version 12.1.0.1 Copyright (c) 2004,2012,Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Trusted Certificates: Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\,Inc.,C=US Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\,O=GTE Corporation,C=US Subject: CN=GeoTrust SSL CA,O=GeoTrust\,C=US Subject: OU=Class 2 Public Primary Certification Authority,C=US Subject: OU=Class 1 Public Primary Certification Authority,C=US Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US Subject: CN=*.presstogo.com,OU=IT,O=Press to go AS,L=Oslo,ST=Norway,C=NO,SERIAL_NUM=SJYpOHrRdCDHE8KZ6dRFGMJthOjs7-v3
declare
lo_req utl_http.req;
lo_resp utl_http.resp;
begin
utl_http.set_detailed_excp_support ( true );
utl_http.set_wallet ( 'file:/oracle/product/12.0.1/owm/wallets/test1237','test=1237');
lo_req := utl_http.begin_request ( 'https://production.presstogo.com/mars/hello' );
lo_resp := utl_http.get_response ( lo_req );
-- A successfull request would have the status code "200".
dbms_output.put_line ( lo_resp.status_code );
utl_http.end_response ( lo_resp );
exception
when others then
utl_http.end_response ( lo_resp );
raise;
end;
宣布
*
第1行的错误:
ORA-29273:HTTP请求失败
ORA-06512:在“SYS.UTL_HTTP”,第1130行
ORA-29024:证书验证失败
ORA-06512:第6行
为了记录,值得注意的是以下内容确实有效:
declare
lo_req utl_http.req;
lo_resp utl_http.resp;
begin
utl_http.set_wallet ( 'file:/oracle/product/12.0.1/owm/wallets/test1237','test=1237');
lo_req := utl_http.begin_request ( 'https://www.google.be' );
lo_resp := utl_http.get_response ( lo_req );
dbms_output.put_line ( lo_resp.status_code );
utl_http.end_response ( lo_resp );
end;
/
帮助我欧比万,你是我唯一的希望.
根据Oracle Support,只应导入证书链,而不是最终站点证书.
在上面使用的示例中,仅将以下证书导入钱包:
Geotrust SSL CA& Geotrust Global CA.
请勿导入* .presstogo.com证书
引用Oracle支持:
The reason that the select is failing in 12c is that 12c does not want
to see the user cert in the wallet as a trusted cert.This was apparently not an issue in prevIoUs versions but removing
that cert from the wallet fixed the issue here.
这与我在网上找到的关于使用utl_http连接到Https网站的所有信息相矛盾,并且让我感到很困惑.
希望这会在我的情况下帮助其他人.
