Dieses Blog durchsuchen

Mittwoch, 21. Oktober 2020

Self signed certificates and Oracle 19


Starting with Oracle 19 you need to do some additional steps to allow Java calls within your Oracle 19 db to access self signed web services or other ssl/https resources. You'll notice the problem with error like the following while calling an https site from java within Oracle 19:

ORA-29532: Java-Aufruf durch nicht abgefangene Java-Ausnahme beendet: java.rmi.RemoteException: java.rmi.RemoteException:; nested exception is: 

                HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Copy the existing cacerts file located in /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts
to /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt

add your self signed cert with (how to get my cert from an existing web site)

keytool -importcert -trustcacerts \
    -keystore /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt \
    -storepass changeit \
    -file my_ca_cert.crt -alias myrootca \
    -v -noprompt

Load the file into oracle with sqlplus

$ sqlplus / as sysdba
SQL> alter session set container = orclpdb;
SQL> exec dbms_java.loadjava('-schema SYS -grant PUBLIC -dirprefix /home/oracle/database/javavm/jdk/jdk8 /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt')

or with the CLI Tool 

$ cd /home/oracle/database/javavm/jdk/jdk8
$ loadjava -user sys@db -v -schema SYS -grant PUBLIC  \