ORA-29024:在 apex_web_service.make_rest_request 或 UTL_HTTP.REQUEST Oracle APEX(自治数据库)中使用时证书验证失败

问题描述 投票:0回答:1

我遵循了本论坛中的所有步骤,假设来自自治 SQL 开发人员,它以以下两种方式工作:

ORA-29024:在自治数据库中使用 UTL_HTTP.REQUEST 时证书验证失败

ORA-29024:证书验证失败 - 从 SQL Developer Web/Apex 使用 UTL_HTTP.REQUEST 时(文档 ID 2687222.1)

使用此服务,我仍然收到错误:

https://www.datos.gov.co

SELECT UTL_HTTP.REQUEST('https://www.datos.gov.co') FROM dual;

ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1594
ORA-29024: Certificate validation failure
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1534
ORA-06512: at line 1
29273. 00000 - "HTTP request failed"
*Cause: The UTL_HTTP package failed to execute the HTTP request.
*Action: Use the GET_DETAILED_SQLERRM function to check the detailed error
message. Fix the error and retry the HTTP request.
Error at Line: 1 Column: 6

从 dba_host_acls 中选择 * 按主机排序;

“主持人” “LOWER_PORT” “UPPER_PORT” “ACL” “ACLID” “ACL_OWNER” “USE_DNS_PROXY” “PRIVATE_TARGET”
“*” “NETWORK_ACL_162E6” 0000000080002724 “系统” “不适用” “不”
“www.datos.gov.co” “/sys/acls/httpg.xml” 0000000080002765 “系统” “不适用” “不”
“www.example.com” “/sys/acls/httpa.xml” 0000000080002764 “系统” “不适用” “不”
“www.google.com” “NETWORK_ACL_199F2E61DE81” 0000000080002760 “系统” “不适用” “不”

从 DBA_HOST_ACES 选择 *;

“主持人” “LOWER_PORT” “UPPER_PORT” “ACE_ORDER” “START_DATE” “END_DATE” “GRANT_TYPE” “INVERTED_PRINCIPAL” “校长” “PRINCIPAL_TYPE” “特权” “USE_DNS_PROXY” “PRIVATE_TARGET”
“*” 2 “授予” “不” “C##OMLREST2” “数据库” “解决” “不适用” “不”
“*” 2 “授予” “不” “C##OMLREST2” “数据库” “连接” “不适用” “不”
“*” 1 “授予” “不” “GSMADMIN_INTERNAL” “数据库” “解决” “不适用” “不”
“www.datos.gov.co” 1 “授予” “不” “管理员” “数据库” “HTTP” “不适用” “不”
“www.datos.gov.co” 1 “授予” “不” “管理员” “数据库” “连接” “不适用” “不”
“www.datos.gov.co” 1 “授予” “不” “管理员” “数据库” “解决” “不适用” “不”
“www.datos.gov.co” 2 “授予” “不” “APEX_230200” “数据库” “连接” “不适用” “不”
“www.datos.gov.co” 2 “授予” “不” “APEX_230200” “数据库” “解决” “不适用” “不”
“www.datos.gov.co” 2 “授予” “不” “APEX_230200” “数据库” “HTTP” “不适用” “不”
“www.example.com” 1 “授予” “不” “管理员” “数据库” “解决” “不适用” “不”
“www.example.com” 1 “授予” “不” “管理员” “数据库” “连接” “不适用” “不”
“www.google.com” 1 “授予” “不” “管理员” “数据库” “HTTP” “不适用” “不”
“www.google.com” 2 “授予” “不” “APEX_230200” “数据库” “HTTP” “不适用” “不”
“www.google.com” 2 “授予” “不” “APEX_230200” “数据库” “连接” “不适用” “不”
“www.google.com” 2 “授予” “不” “APEX_230200” “数据库” “解决” “不适用” “不”

但是对于 APEX_APPLICATION.g_flow_schema_owner 的principal_name,它在 Oracle APEX 中对我不起作用。

SELECT UTL_HTTP.REQUEST('https://www.google.com') FROM dual;
ORA-29273: HTTP request failed

It works

select apex_web_service.make_rest_request (
p_url => 'https://www.google.com',
p_http_method => 'GET'
) from dual;

Does not work

select apex_web_service.make_rest_request (
p_url => 'https://www.datos.gov.co',
p_http_method => 'GET'
) from dual;

ORA-29273: HTTP request failed

问候

oracle oracle-apex apex-code oracle-autonomous-db
1个回答
0
投票

证书错误与网络权限不同。如果与 ACL 问题相关,您将得到以下信息:

SQL> SELECT UTL_HTTP.REQUEST('https://www.datos.gov.co') FROM dual;
SELECT UTL_HTTP.REQUEST('https://www.datos.gov.co') FROM dual
       *
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1620
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1560
ORA-06512: at line 1

证书与通过 SSL 访问网站的钱包条目相关。

首先要尝试的是:

SELECT UTL_HTTP.REQUEST('https://www.datos.gov.co',wallet_path=>'system:') from dual;

它将使用操作系统级别的证书存储。如果这不起作用,则该站点没有使用典型的证书提供商之一。这会让事情变得复杂,你需要检查一下

https://docs.oracle.com/en-us/iaas/autonomous-database-serverless/doc/external-calls-with-customer-management-wallet.html#GUID-89B2A9C2-7567-451B-9150- 04D3852C0DCB

有关设置自己的钱包的详细信息

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.