Tejaswi | Posts: 66

Error while connecting esign and Oracle application

0 votes
Hi, I am getting the following error while connecting URL and application. ORA-29273: HTTP request failed. Below is the code snippet: UTL_HTTP.SET_WALLET('file:xxxxxx', 'xxxxx'); v_request := utl_http.begin_request('https://sandbox.esignlive.com/', 'POST', 'HTTP/1.1');

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Tejaswi, Could you try POST to "https://sandbox.esignlive.com/api/packages" instead of just the instance url? Duo

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
I tried the above url. It still shows the same error.

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Tejaswi, Did your Oracle Wallet contains the root certification of OneSpan Sign site, which is "GlobalSign Root CA -R1"? As this Oracle guide: UTL_HTTP and SSL (HTTPS) using Oracle Wallets suggests, you can simply try showing html from OneSpan Sign site url to see whether your requests can hit OneSpan Sign side. Duo

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
PFA certificate for the site : https://sandbox.esignlive.com/ . The wallet has been created for the "TCSROOTCA" certificate. Can you please tell me for which site is the "GlobalSign Root CA-R1" certificate?

Attachments
Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Hi there, As I suggested above, it's better to test your connection with OneSpan Sign(https://sandbox.esignlive.com), like below command:
EXEC UTL_HTTP.set_wallet('file:xxx', 'xxx');
declare
    req utl_http.req;
begin
    req := utl_http.begin_request('https://sandbox.esignlive.com');
end;
/
Based on the result, you could share the complete error trace and potentially, it could because of the ACL or wallet access. So I was suggesting to add the Root CA certification of OneSpan Sign(GlobalSign Root CA) to the trusted certificates to your wallet in use: This certification can be exported when browsing https://sandbox.esignlive.com, it's in the certification path as the screenshot above. Duo

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
BTW, I can invoke REST APIs from PL/SQL at my own environment now, this is my example code to create a package:
create or replace procedure create_package
as
  req utl_http.req;
  res utl_http.resp;
  url varchar2(4000) := 'https://sandbox.esignlive.com/api/packages';
  buffer varchar2(4000); 
  content varchar2(4000) := '{"name":"package created from oracle"}';
 
begin
  req := utl_http.begin_request(url, 'POST',' HTTP/1.1');
  utl_http.set_header(req, 'user-agent', 'mozilla/4.0'); 
  utl_http.set_header(req, 'content-type', 'application/json'); 
  utl_http.set_header(req, 'Authorization', 'Basic {your_api_key}'); 
  utl_http.set_header(req, 'Content-Length', length(content));
 
  utl_http.write_text(req, content);
  res := utl_http.get_response(req);
  -- process the response from the HTTP call
  begin
    loop
      utl_http.read_line(res, buffer);
      dbms_output.put_line(buffer);
    end loop;
    utl_http.end_response(res);
  exception
    when utl_http.end_of_body 
    then
      utl_http.end_response(res);
  end;
end create_package;
/

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
What is the extension for GlobalSign Root CA certificate? I save the certificate(TCSROOTCA) in .crt extension.

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Tejaswi, I downloaded it in .cer extension, I believe both crt and cer extension certifications can be added to the existing wallet. Below is the command I used to add trusted certifications:
orapki wallet add -wallet C:\xxx\wallet -trusted_cert -cert "C:\xxx\ossroot.cer" -pwd WalletPasswd123
And I've attached the steps to download the root CA certification from browser. Duo

Attachments
7-11-1.png103.81 KB
Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
The above steps to download certificate and wallet creation has been performed by the DBA team. I am getting the same error. ORA-29273 HTTP request failed. I executed the below sql statement : select utl_http.get_detailed_sqlerrm from dual; and got the following result: ORA-29024: Certificate validation failure I don't understand. I downloaded the certificate using the above mentioned steps.

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

1 votes
Hi Tejaswi, First you could give it a quick try that: If your wallet is set to -auto_login, try using NULL as credential when invoking UTL_HTTP.set_wallet like below:
EXEC UTL_HTTP.set_wallet('file:C:\wallet5', NULL);
If it still yields "Certificate validation failure" error, you could do some more general test like importing google's Root Certification to see whether your UTL_HTTP could get access to the google site or any other public site. Duo

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Duo, I am able to connect esign and oracle application. The TCS-ROOT CA certificate was not correct. The client provided the GlobalSign Root CA certificate (https://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt), same like in the screen shot provided by you. Thank you.

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Great to hear that! :) Duo

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Duo, Please confirm if the below certificate can be used for Production Url of E-sign. https://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt Currently I am using this certificate for sandbox url : https://sandbox.esignlive.com/api/packages

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Tejaswi, Kindly check below screenshot: the certificate is granted to the whole esignlive.com domain, therefore should be safe to use for the US2 production environment (apps.esignlive.com) Duo

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
can the below url be used for production instance - https://apps.e-signlive.com/api/packages

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
Hi Tejaswi, From my understand and test, the *.e-signlive.com domain was granted by another Root CA: Therefore you need to export this root certificate and import the certificate to your oracle wallet. Duo

Duo_Liang | Posts: 3776

Reply to: Error while connecting esign and Oracle application

0 votes
You can either export from browser or download from globalsign's offical site: http://secure.globalsign.com/cacert/gsrsadvsslca2018.crt Duo

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
I will import this certificate to oracle wallet. Regarding the above url, can I use it in integration code in production instance at my end?

Tejaswi | Posts: 66

Reply to: Error while connecting esign and Oracle application

0 votes
I will import this certificate to oracle wallet. Regarding the above url, can I use it in integration code in production instance at my end?

rodrigo.torres | Posts: 1

Reply to:

0 votes

Hello 

I havre an Oracle Partner having an issue installing the certificate, Do you know if in Oracle Cloud ERP  is possible for the partner to make this.  Are the wallets accesible to them or will they need to ask support  directly from Oracle to install the certificate?


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off