Problem
Starting with Oracle 19 you need to do some additional steps to allow Java calls within your Oracle 19 db to access self signed web services or other ssl/https resources. You'll notice the problem with error like the following while calling an https site from java within Oracle 19:
ORA-29532: Java-Aufruf durch nicht abgefangene Java-Ausnahme beendet: java.rmi.RemoteException: java.rmi.RemoteException:; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution
Copy the existing cacerts file located in /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts
to /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt
keytool -importcert -trustcacerts \
-keystore /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt \
-storepass changeit \
-file my_ca_cert.crt -alias myrootca \
-v -noprompt
Load the file into oracle with sqlplus
$ sqlplus / as sysdba
SQL> alter session set container = orclpdb;
SQL> exec dbms_java.loadjava('-schema SYS -grant PUBLIC -dirprefix /home/oracle/database/javavm/jdk/jdk8 /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt')
or with the CLI Tool
$ cd /home/oracle/database/javavm/jdk/jdk8
$ loadjava -user sys@db -v -schema SYS -grant PUBLIC \
/lib/security/cacerts.alt
No comments:
Post a Comment