SSL Summary


Using UTL_HTTP and an Oracle Wallet to Establish a Secure URL Connection (SSL)

The steps necessary to establish a secure URL connection (SSL) using the
UTL_HTTP Oracle PL/SQL package and an Oracle Wallet.

In order to establish a connection to a secure URL from an Oracle database
server, the following tasks will need to be performed:

- Capture all required certificates from the SSL site
- Create an Oracle Wallet that is accessible on the database server
- Import the required certificate(s) of the SSL site into the Oracle Wallet
- Use the UTL_HTTP.SET_WALLET PL/SQL procedure before attempting to access the
  secure URL

An Oracle Wallet stores all of the encryption keys that the database can use and is required
in order to access an SSL site using the UTL_HTTP PL/SQL package. Attempting to establish a
secure URL connection without an Oracle Wallet (and, of course, the required certificates
from the SSL site) will cause the code to throw the Oracle error ORA-29024: Certificate
validation failure.

Oracle Wallet

An Oracle Wallet is nothing more than a logical container (a single file named
ewallet.p12) that stores all encrypted keys needed by the Oracle database in
order to access SSL sites. This is not, however, the only use of an Oracle Wallet. It
is also used by many of the more advanced security options in Oracle like
Transparent Data Encryption (TDE) or PKI Credentials. These more advanced
options are part of Oracle Advanced Security Option (ASO) and are only available
when using Oracle Enterprise Edition.

Note that creating and importing keys into an Oracle Wallet and then using that
Oracle wallet to establish a secure connection can be done using Oracle Standard
Edition. Although I've seen it mentioned that Oracle Wallets only work with
Enterprise Edition, this is incorrect. The Oracle Wallet simply stores keys which
can be used by the Oracle database. There are some security options (like TDE or
PKI Credentials) that are part of Oracle's ASO which are only available with Oracle
Enterprise Edition. Oracle ASO is an additional license cost on top of Enterprise
Edition. Accessing SSL sites from the database using UTL_HTTP and an Oracle
Wallet does not require Oracle's Advanced Security Option and can therefore be
used with Oracle Standard Edition.

The only downside to using an Oracle Wallet is that you need to know in advance
each SSL site you will be accessing when using UTL_HTTP. You will be required to
extract the site's public key certificate and import it into an Oracle Wallet before
the database can access that secure site. This has to be performed for each secure
site you want to access when using UTL_HTTP. This is unlike a web browser which
does all of this for you!

As previously mentioned, an Oracle Wallet is simply a file and must be
named ewallet.p12. Within Oracle, whenever you specify the location of the Oracle
Wallet to open, you only specify the directory containing the wallet. It is
assumed that the file ewallet.p12 exists within that directory. For example, in this
article I will be creating the Oracle Wallet on the database server in a non-default
directory, namely:

/u01/oracle/DEVL/12.1.0/admin/DEVL/xdb_wallet

SSL/TLS Certificate

Transport Layer Security (TLS) certificates (most commonly known as SSL, or
digital certificates) are the foundation of a safe and secure internet. TLS/SSL
certificates secure internet connections by encrypting data sent between your
browser, the website you're visiting, and the website server.

TLS/SSL certificates are the standard used by all major web browsers to ensure a safer
internet experience for users. Websites secured by TLS/SSL certificates are more
trusted by internet users because they encrypt and protect private information
transferred to and from the website.

The SET_WALLET declaration and its header comment, from the UTL_HTTP package specification:

/*
 * Sets the Oracle wallet to be used for all HTTP requests over Secured
 * Socket Layer (SSL), namely HTTPS. When the UTL_HTTP package communicates
 * with a HTTP server over SSL, the HTTP server presents its digital
 * certificate, which is signed by a certificate authority, to the UTL_HTTP
 * package for identification purpose. The Oracle wallet contains the list
 * of certificate authorities which are trusted by the user of the UTL_HTTP
 * package. An Oracle wallet is required in order to make a HTTPS request
 * successfully.
 * PARAMETERS
 *   path     The directory path that contains the Oracle wallet.
 *            The format is "file:<directory-path>".
 *   password The password needed to open the wallet. There may be a second
 *            copy of a wallet in a wallet directory that may be opened
 *            without a password. That second copy of the wallet is for
 *            read only. If password is NULL, the UTL_HTTP package will
 *            open the second, read-only copy of the wallet instead.
 *            See the documentation on Oracle wallets for details.
 * EXCEPTIONS
 *   miscellaneous runtime exceptions.
 * NOTES
 *   None.
 */
PROCEDURE set_wallet(path     IN VARCHAR2,
                     password IN VARCHAR2 DEFAULT NULL);

UTL_HTTP.set_wallet('file:/wallet/path', 'walletpassword');
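The four tasks listed at the top of this summary and the SET_WALLET call above, carried through as one added shell example that is not part of the original document: it captures the chain a site presents with openssl s_client, splits that transcript into one PEM file per certificate, creates the wallet with orapki in the article's wallet directory and imports the chain as trusted certificates, and finally calls UTL_HTTP.SET_WALLET from SQL*Plus, printing the ORA-29024 message if certificate validation still fails. The host name, the wallet password, the DB_CONN connect string, a network ACL for the database user, and orapki and sqlplus being on PATH are assumptions; the certificate bodies inside demo_split are constructed placeholders, not real certificates, so the splitting step can be exercised offline.

```shell
#!/bin/sh
# Added example, not the article's own code. Assumes orapki and sqlplus on PATH.
# WALLET_DIR defaults to the directory used in the article; DB_CONN (e.g.
# "scott/tiger@DEVL") and the host name passed to the functions are assumptions.
WALLET_DIR="${WALLET_DIR:-/u01/oracle/DEVL/12.1.0/admin/DEVL/xdb_wallet}"

# Step 1: capture every certificate the site sends (needs network access).
# -showcerts prints the whole chain, leaf first; -servername sets SNI.
capture_chain() {
    host="$1"; transcript="$2"
    openssl s_client -connect "$host:443" -servername "$host" -showcerts \
        </dev/null 2>/dev/null > "$transcript"
}

# Split an s_client transcript into cert1.pem, cert2.pem, ... in outdir and
# print how many certificates were written. Text outside BEGIN/END blocks is ignored.
split_chain() {
    transcript="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert" n ".pem" }
        f                             { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }
    ' "$transcript"
}

# Steps 2 and 3: create the wallet (with an auto-login copy, so SET_WALLET can
# be called with a NULL password as the spec comment describes) and import the
# chain as trusted certificates. The issuer (CA) certificates are what
# validation needs; the leaf alone stops working when the site renews it.
build_wallet() {
    certdir="$1"; password="$2"
    orapki wallet create -wallet "$WALLET_DIR" -pwd "$password" -auto_login
    for cert in "$certdir"/cert*.pem; do
        orapki wallet add -wallet "$WALLET_DIR" -pwd "$password" \
            -trusted_cert -cert "$cert"
    done
    orapki wallet display -wallet "$WALLET_DIR" -pwd "$password"
}

# Step 4: from the database, point UTL_HTTP at the wallet and fetch the page.
# The database user also needs a network ACL for the host (assumed in place).
test_https() {
    host="$1"; password="$2"
    sqlplus -s "$DB_CONN" <<EOF
SET SERVEROUTPUT ON
DECLARE
  req  UTL_HTTP.req;
  resp UTL_HTTP.resp;
BEGIN
  UTL_HTTP.set_wallet('file:$WALLET_DIR', '$password');
  req  := UTL_HTTP.begin_request('https://$host/');
  resp := UTL_HTTP.get_response(req);
  DBMS_OUTPUT.put_line('HTTP ' || resp.status_code || ' ' || resp.reason_phrase);
  UTL_HTTP.end_response(resp);
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-29024 here means a certificate in the chain is missing from the wallet
    DBMS_OUTPUT.put_line(SQLERRM);
END;
/
EOF
}

# Offline check of split_chain on a constructed transcript (placeholder bodies,
# not real certificates). Prints 2.
demo_split() {
    tmp=$(mktemp -d)
    cat > "$tmp/chain.txt" <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
Q29uc3RydWN0ZWRMZWFmQ2VydGlmaWNhdGVQbGFjZWhvbGRlcg==
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
Q29uc3RydWN0ZWRJbnRlcm1lZGlhdGVDQVBsYWNlaG9sZGVy
-----END CERTIFICATE-----
---
EOF
    split_chain "$tmp/chain.txt" "$tmp/certs"
}

# End-to-end run (network, orapki and sqlplus required):
#   capture_chain www.example.test /tmp/chain.txt
#   split_chain /tmp/chain.txt /tmp/certs
#   build_wallet /tmp/certs 'walletpassword'
#   test_https www.example.test 'walletpassword'
```

If the final step still reports ORA-29024, compare `orapki wallet display` against the chain in the transcript: every issuer up to the root must be present in the wallet, and the wallet directory must be readable by the database server's OS user.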
