Solved

HTTPS integration using UTL_HTTP

  • 4 August 2021
  • 5 replies
  • 667 views

Userlevel 1
Badge +4

We are trying to integration with external system using HTTPS.

End point URL is - https://qa-tinsight.mercurygate.net/MercuryGate/common/remoteService.jsp

 

  • Created ACL
  • Created Wallet 
  • certificate imported to DB server

but still getting below error while calling the end point.

 

Does anyone have experience in achieving this kind of thing? We cannot use IFS Connect for for this.

 

Thanks !

icon

Best answer by dsj 5 August 2021, 07:57

View original

This topic has been closed for comments

5 replies

Userlevel 7
Badge +20

Hi Daab,  Hope you are doing good :)

 

Open the wallet using wallet manager and check all the certificates in the chain are imported. Probably the error due to certificate chain is not completely imported.

 

Cheers!

Damith

Userlevel 1
Badge +4

Hi DJ,

 

Its good to hear from you. Hope you are dong good and safe.

Yes I have created all the entries. Please see below screen.

 

 

 

Do you see any other issue on this? This is how I set the wallet.

UTL_HTTP.set_wallet('file:' || 'C:\\Wallet', 'Wallet123');

http_req_ := utl_http.begin_request(url_, 'POST', 'HTTP/1.1');
 UTL_HTTP.set_authentication(http_req_, 'xxx', 'xxxx');
 utl_http.set_header(http_req_, 'Content-Type', 'application/x-www-form-urlencoded');
 utl_http.set_header(http_req_, 'Content-Length', length(soap_request_));
 utl_http.write_text(http_req_, soap_request_);

 

The request is working through Postman.

 

Appreciate if you could share some thought on this.

thanks !

 

 

Userlevel 7
Badge +20

Hey,

 

Seems only one certificate is imported. Try this to import the chain.

  1. using OpenSSL, get the certificate chain

openssl s_client -host qa-tinsight.mercurygate.net -port 443 -prexit -showcerts

This will show all certificates in the chain in cmd

  1. save each certificate into separate .pem file (each certificate should start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE----- tags) 
  2. import all files saved above into the wallet (you may skip the certificate in level 0 since it’s already imported)

Hope it solve your problem :)

Damith

Userlevel 1
Badge +4

HI DJ,

Thanks for this. Now I can connect. 

I am getting below error as the response. 

HTTP Status 401 – Unauthorized

The request has not been applied because it lacks valid authentication credentials for the target resource.

Below is the code.

url_                  VARCHAR2(30000):= 'https://qa-tinsight.mercurygate.net/MercuryGate/common/remoteService.jsp';

 

UTL_HTTP.set_wallet('file:' || 'C:/Wallet', 'Wallet123');

http_req_ := utl_http.begin_request(url_, 'POST', 'HTTP/1.1');
 UTL_HTTP.set_authentication(http_req_, 'xxx', 'xxxx');
 utl_http.set_header(http_req_, 'Content-Type', 'application/x-www-form-urlencoded');
 utl_http.set_header(http_req_, 'Content-Length', length(soap_request_));
 utl_http.write_text(http_req_, soap_request_);

 

The request is working through Postman with valid credentials.

Is there a specific way to pass the credentials?

 

/DAAB

Userlevel 7
Badge +20

Nice to here that the certificate problem is solved :)

Does your API needs basic authentication or something else (like api key)?

As I know UTL_HTTP.set_authentication sets the basic authentication header.

Best thing is to check the request headers in Postman code snippet and add them in the request with utl_http.set_header

 

Eg:

 

Cheers!

Damith