SSL Summary
This summary covers the steps necessary to establish a secure URL connection (SSL)
using the UTL_HTTP Oracle PL/SQL package and an Oracle Wallet.
An Oracle Wallet stores all of the encryption keys that the database can use and is required
in order to access an SSL site using the UTL_HTTP PL/SQL package. Attempting to establish a
secure URL connection without an Oracle Wallet (and, of course, the required certificates
from the SSL site) will result in the code throwing the Oracle error ORA-29024: Certificate
validation failure.
Oracle Wallet
An Oracle Wallet is nothing more than a logical container (a single file named
ewallet.p12) that stores all encrypted keys needed by the Oracle database in
order to access SSL sites. This is not, however, the only use of an Oracle Wallet. It
is also used by many of the more advanced security options in Oracle like
Transparent Data Encryption (TDE) or PKI Credentials. These more advanced
options are part of Oracle Advanced Security Option (ASO) and are only available
when using Oracle Enterprise Edition.
Note that creating and importing keys into an Oracle Wallet and then using that
Oracle wallet to establish a secure connection can be done using Oracle Standard
Edition. Although I've seen it mentioned that Oracle Wallets only work with
Enterprise Edition, this is incorrect. The Oracle Wallet simply stores keys which
can be used by the Oracle database. There are some security options (like TDE or
PKI Credentials) that are part of Oracle's ASO which are only available with Oracle
Enterprise Edition. Oracle ASO is an additional license cost on top of Enterprise
Edition. Accessing SSL sites from the database using UTL_HTTP and an Oracle
Wallet does not require Oracle's Advanced Security Option and can therefore be
used with Oracle Standard Edition.
The only downside to using an Oracle Wallet is that you need to know in advance
each SSL site you will be accessing when using UTL_HTTP. You will be required to
extract the site's public key certificate and import it into an Oracle Wallet before
the database can access that secure site. This has to be performed for each secure
site you want to access when using UTL_HTTP. This is unlike a web browser which
does all of this for you!
Namely: /u01/oracle/DEVL/12.1.0/admin/DEVL/xdb_wallet
SSL/TLS Certificate
TLS/SSL certificates are the standard used by all major web browsers to ensure a safer
internet experience for users. Websites secured by TLS/SSL certificates are more
trusted by internet users because they encrypt and protect private information
transferred to and from their website.
/*
* Sets the Oracle wallet to be used for all HTTP requests over Secured
* with a HTTP server over SSL, the HTTP server presents its digital
* package for identification purpose. The Oracle wallet contains the list
* PARAMETERS
* password The password needed to open the wallet. There may a second
* EXCEPTIONS
* NOTES
* None.
*/
UTL_HTTP.set_wallet('file:/wallet/path', 'walletpassword');
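
The following is an added example, not code from the original page: a SQL*Plus anonymous block that opens the wallet, makes one HTTPS request, and reports whether a failure is the ORA-29024 certificate validation error described above. The URL https://example.com/ is a constructed placeholder, the wallet path and password are the placeholders used on this page, and the block assumes the calling user is permitted to make outbound network connections.

```sql
-- Added example: check that the wallet lets UTL_HTTP reach one SSL site.
SET SERVEROUTPUT ON
DECLARE
  -- Constructed placeholder; use the SSL site whose certificate was imported.
  l_url  CONSTANT VARCHAR2(200) := 'https://example.com/';
  l_req  UTL_HTTP.req;
  l_resp UTL_HTTP.resp;
BEGIN
  -- Placeholder path and password from this page. Keep the real password
  -- out of source control and out of shared scripts.
  UTL_HTTP.set_wallet('file:/wallet/path', 'walletpassword');

  -- The SSL handshake, and therefore certificate validation against the
  -- wallet contents, happens while the request is sent.
  l_req  := UTL_HTTP.begin_request(l_url, 'GET', 'HTTP/1.1');
  l_resp := UTL_HTTP.get_response(l_req);

  DBMS_OUTPUT.put_line('Connected: HTTP ' || l_resp.status_code
                       || ' ' || l_resp.reason_phrase);
  UTL_HTTP.end_response(l_resp);
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-29024 can be the top-level error or sit lower in the error
    -- stack under a generic HTTP failure, so search the whole stack.
    IF INSTR(DBMS_UTILITY.format_error_stack, 'ORA-29024') > 0 THEN
      DBMS_OUTPUT.put_line('Certificate validation failed for ' || l_url);
      DBMS_OUTPUT.put_line('Check that the certificate for this site has '
                           || 'been imported into the wallet.');
    ELSE
      DBMS_OUTPUT.put_line('Request failed for a reason other than '
                           || 'certificate validation.');
    END IF;
    DBMS_OUTPUT.put_line(DBMS_UTILITY.format_error_stack);
    RAISE;  -- do not hide the failure from the caller
END;
/
```

Running the block once per site after importing its certificate confirms that each SSL site the database needs is covered by the wallet before application code depends on it.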