Tuesday, January 06, 2009

Accessing HTTPS pages using Oracle's UTL_HTTP package

The change needed to your PL/SQL is straightforward. Simply configure UTL_HTTP to use the "Oracle wallet":

UTL_HTTP.SET_WALLET(v_wallet_path,v_wallet_password);


The hard bit is importing certificates into a wallet.

  1. Start Oracle Wallet Manager
    # xhost +
    access control disabled, clients can connect from any host
    # su - oracle
    Sun Microsystems Inc. SunOS 5.10 Generic January 2005
    -bash-3.00$ export DISPLAY=:1 (if you are using VNC)
    -bash-3.00$ owm

    If the DB is on another machine, do the following:
    -bash-3.00$ export DISPLAY=192.168.1.58:1
    -bash-3.00$ owm
  2. Hit the new wallet button
  3. "Your default wallet does not exist, do you want to create it?"
    No
  4. Prompt for wallet password. Enter whatever you prefer.
  5. "A new empty wallet has been created. Do you want to create a new certificate request at this time?"
    No
  6. Right click on trusted certificates in the hierarchy on the left
  7. Choose Import Certificate
  8. "Choose a method to select the certificate"
    ( ) Paste the certificate
    (x) Load the certificate from a file
  9. Go to another terminal

    Here are the instructions for Sun Appserver
  10. # cd /var/opt/SUNWappserver/domains/domain1/config
  11. List certificates:
    /opt/SUNWappserver/appserver/lib/certutil -L -d .
  12. You should see s1as in the list. Then type:
    /opt/SUNWappserver/appserver/lib/pk12util -o ascerts.p12 -n s1as -d .
  13. This spits out a pkcs12 format certificate.

    Now onto OpenSSL:
  14. Oracle Wallet requires X.509, so use openssl to convert to PEM and then to X.509. The first command extracts the certificate. The second writes the private key, unencrypted because of -nodes, and that file is not used in the steps below.
    # ./openssl pkcs12 -in /export/home/admin/ascerts.p12 -clcerts -nokeys -out satin.acceleresystems.com.cert.pem
    Enter Import Password:
    MAC verified OK
    # ./openssl pkcs12 -in /export/home/admin/ascerts.p12 -nocerts -nodes -out satin.acceleresystems.com.key.pem
    Enter Import Password:
    MAC verified OK
  15. Now convert to X509
    # ./openssl x509 -in satin.acceleresystems.com.cert.pem -out satin.acceleresystems.com.cert.x509
  16. Copy file to the machine with Oracle, and finish the import using OWM
  17. Save the wallet to /export/home/oracle/wallets. You can't choose the file name; it will always be ewallet.p12. To use the wallet you only need the directory name (see next step).
  18. You can now access the wallet from Oracle using UTL_HTTP.set_wallet('file:/export/home/oracle/wallets','password');
You MUST use the absolute path to the cert when using openssl, or you will get an error about TRUSTED certificate on the last step of openssl x509.

If editing an existing wallet, you need to hit open and navigate to the wallets directory. Continue even though you have no default set.
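
A fuller version of the call in step 18, added here as an example and not code from the original post: it sets the wallet, fetches one page over HTTPS and reports the error when the request fails. The URL is a placeholder, and the wallet path and password are the ones shown in step 18.

```plsql
-- Added example. Assumptions: v_url is a placeholder host; the wallet
-- directory and password are the values used in step 18.
SET SERVEROUTPUT ON
DECLARE
  v_wallet_path     VARCHAR2(200) := 'file:/export/home/oracle/wallets'; -- directory only, not ewallet.p12
  v_wallet_password VARCHAR2(100) := 'password';
  v_url             VARCHAR2(200) := 'https://host.example/';            -- hypothetical URL
  v_req             UTL_HTTP.REQ;
  v_resp            UTL_HTTP.RESP;
  v_line            VARCHAR2(32767);
BEGIN
  -- Point UTL_HTTP at the wallet holding the trusted certificate.
  UTL_HTTP.SET_WALLET(v_wallet_path, v_wallet_password);

  v_req  := UTL_HTTP.BEGIN_REQUEST(v_url);
  v_resp := UTL_HTTP.GET_RESPONSE(v_req);
  DBMS_OUTPUT.PUT_LINE('HTTP status: ' || v_resp.status_code || ' ' || v_resp.reason_phrase);

  -- Read the body line by line; END_OF_BODY marks the normal end.
  BEGIN
    LOOP
      UTL_HTTP.READ_LINE(v_resp, v_line, TRUE);
      DBMS_OUTPUT.PUT_LINE(v_line);
    END LOOP;
  EXCEPTION
    WHEN UTL_HTTP.END_OF_BODY THEN
      UTL_HTTP.END_RESPONSE(v_resp);
    WHEN OTHERS THEN
      UTL_HTTP.END_RESPONSE(v_resp);  -- do not leak the open response
      RAISE;
  END;
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-29024 (certificate validation failure) at this point means the
    -- server's certificate is not trusted by the wallet: recheck the import.
    DBMS_OUTPUT.PUT_LINE('Request failed: ' || SQLERRM);
    DBMS_OUTPUT.PUT_LINE('Detail: ' || UTL_HTTP.GET_DETAILED_SQLERRM);
    RAISE;
END;
/
```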

1 comment:

Anonymous said...

Hello Peter,
I have a question about Step 14 - second call.
./openssl pkcs12 -in /export/home/admin/ascerts.p12 -nocerts -nodes -out satin.acceleresystems.com.key.pem

What generates the script the file "satin.acceleresystems.com.key.pem"?
Why is it used?
