
ORA-29024: Certificate validation failure

I got the “ORA-29024: Certificate validation failure” error in Oracle.

Details of the error are as follows.


ORA-29024: Certificate validation failure

Cause:  The certificate sent by the other side could not be validated. This may occur if the certificate 
has expired, has been revoked, or is invalid for another reason.

Action: Check the certificate to determine whether it is valid. Obtain a new certificate, 
alert the sender that the certificate has failed, or resend.


 

 

Certificate validation failure

ORA-29024 errors mean that the failing facility, component, product or operation is expecting an Oracle wallet.

1. First, check the relevant Oracle documentation for the steps related to the failing setup.

a.) For example, if this error is thrown while using UTL_HTTP, a secure website is being accessed without a wallet, and this operation needs a wallet setup.

The corresponding documentation for this setup is:
Topic UTL_HTTP of the Oracle® Database PL/SQL Packages and Types Reference Guide.

b.) As another example, the error can be thrown while making a remote connection to the database server over a TCPS (SSL) connection, which indicates that this connection is expecting an Oracle wallet.

The Oracle document corresponding to this scenario is:
Chapter 8 of the Oracle® Database Advanced Security Administrator’s Guide.

Troubleshooting this issue requires a proper understanding of Oracle wallets and certificates.

To understand Oracle wallets and certificates, see the following document:
Chapter 9, “Using Oracle Wallet Manager”, of the Oracle® Database Advanced Security Administrator’s Guide 11gR1.

2. If the wallet is set up as per the documentation and the error still occurs, consider the following scenarios:

a.) Open the wallet in Oracle Wallet Manager and check the corresponding certificates.

If Oracle Wallet Manager is unable to open the wallet, try to open it with the orapki command-line tool using the syntax below:

orapki wallet display -wallet <wallet_location>

If orapki also fails to open the wallet, the wallet currently in use is corrupted; create a new wallet and recheck the scenario.

b.) If your current setup needs a wallet with both user and trusted certificates, check that both the user and trusted certificates are valid and not expired or revoked.

c.) If this error is seen with a UTL_HTTP setup, check whether all the certificates of the secure website are in the wallet and the certificate chain is complete.

For UTL_HTTP calls, the trusted certificates of the external website (root and intermediate certificates) must be imported into the wallet.

d.) If there is a proxy server involved, make sure the target website is in the proxy ‘whitelist’.
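
The wallet check from steps 2a and 2c, as an added example that is not part of the original article: it reads the text printed by the orapki command shown above and reports which expected root or intermediate CA names are missing from the wallet's trusted certificates. The CA names and the sample display text are constructed, and the section and "Subject:" layout of the orapki output is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article). Reads the text printed by
#   orapki wallet display -wallet <wallet_location>
# Assumption: certificates are listed as "Subject:" lines under the section
# headers "User Certificates:" and "Trusted Certificates:".

# Print the CN of every certificate in the "Trusted Certificates:" section.
trusted_cns() {
  awk '
    /Certificates:[ \t]*$/ { in_trusted = ($0 ~ /^Trusted Certificates:/); next }
    in_trusted && /^Subject:/ {
      sub(/^Subject:[ \t]*/, "")
      n = split($0, rdn, ",")   # limitation: escaped commas in a DN are not handled
      for (i = 1; i <= n; i++) if (rdn[i] ~ /^CN=/) print substr(rdn[i], 4)
    }'
}

# Print each expected CA name (arguments) that is NOT a trusted certificate.
# A name found only under "User Certificates:" still counts as missing.
missing_trusted_cns() {
  cns=$(trusted_cns)
  for cn in "$@"; do
    printf '%s\n' "$cns" | grep -Fxq -- "$cn" || printf '%s\n' "$cn"
  done
}

# Constructed sample display output; all names are made up.
sample_display() {
  cat <<'EOF'
Requested Certificates:
User Certificates:
Subject:        CN=app-client,O=Example Corp,C=US
Trusted Certificates:
Subject:        CN=Example Root CA,O=Example Trust,C=US
Subject:        OU=Example Legacy Authority,O=Example Trust,C=US
EOF
}

# The site's chain needs the root and one intermediate; the intermediate is absent.
sample_display | missing_trusted_cns "Example Root CA" "Example Issuing CA"
```

Against a real wallet, pipe the orapki display command into missing_trusted_cns and pass the root and intermediate CA names of the target website as arguments; any name it prints still has to be imported as a trusted certificate.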

 

 

 
