UTL_HTTP and SSL (HTTPS) using Oracle Wallets

This article describes how to use the UTL_HTTP package to interact with resources secured by SSL (HTTPS).

by OracleDba


Since Oracle 9i Release 2, the package has had the ability to access resources over HTTPS as well as HTTP. This article describes the method for enabling HTTPS access from the package.

- Access Control List (ACL)
- Test Unsecured Connection
- Get Site Certificates
- Create an Oracle Wallet Containing the Certificates
- Test Secured Connection
- Authentication
- SSLv3, TLSv1 and POODLE
- Related articles

Access Control List (ACL)

If you are using Oracle 11g, you will need to provide an ACL to allow the package to interact with an external host. This is described here. For this example my database user is , so this is the principal name, and we will be connecting to this website. Adjust as necessary.

Test Unsecured Connection

Before we start trying to configure SSL, let's see what happens if we attempt to access an HTTPS resource using the package. To do this, create the following procedure. This procedure works for a regular HTTP resource, but what happens if we call it using an HTTPS resource? The following example uses "https://oracle-base.com/". The error stack shows the "ORA-29024: Certificate validation failure" error.

Get Site Certificates

In order to make connections to a secured resource, we need to get the necessary certificate. The easiest way to do this is using a browser. The example below uses the Chrome browser. Using the browser, go to the URL you are attempting to access from PL/SQL. In this case "https://oracle-base.com/". Click the lock icon in the URL bar to display the certificate menu, then click on "Connection is secure" and "Certificate is valid". The specifics will change with the browser you use and the version, but there will be something similar to this. You are presented with the "Certificate Viewer" screen. Click the "Details" tab, highlight the root certificate, not your certificate, and click the "Export" button.


Create an Oracle Wallet Containing the Certificates

Save the certificate to your file system, and make it available on the server. In this example I put the root certificate into "/tmp". Create a new location to hold the wallet. Create a new wallet. If the wallet password is too weak, you will get a message telling you so. In Oracle 11.2 the same issue causes a failure to create the wallet with the following message. With the wallet created, we can add the certificate we saved earlier. The root certificate may fail to load with the following message, which can be ignored. It just means it was already present by default.

Test Secured Connection

We are now ready to access the secured resource, but we must provide the package with the wallet details so it can make the secured connections. This is done using the procedure. Repeating the previous test now works successfully. From Oracle 11gR2 onward, if you are using the option on the wallet, you don't have to specify the wallet password. You just pass NULL instead of the password. Thanks to Jason in the comments for pointing this change out! You may want to incorporate this into the procedure.

Authentication

If you are accessing a site that requires authentication, you will need to do one of two things depending on the type of authentication used. If the site uses basic authentication, simply specify the credentials in the call to , which will use them in the call. If the page uses digest authentication, then you will need to install the digest_auth_api package, then make the following modification to the test code. You can then call the test code in the same way you did for basic authentication.

SSLv3, TLSv1 and POODLE

With the publicity about the POODLE bug, many webmasters are turning off SSLv3 support. Depending on your Oracle database version/patch, that can present a bit of a problem for people using to access HTTPS resources, as described here.

- Package Fails With ORA-29273 ORA-28860 When Using TLSv1 (Doc ID 727118.1)

Basically, older database releases only allow HTTPS using the SSLv3 protocol from . If you want to use the TLSv1 protocol you need to make sure you are on a patched-up version of 11.2. The MOS note for the following comment has been removed/hidden, so it's possible this was a bug that is now fixed in 12.1.0.2. Interestingly, if you upgrade to Oracle 12c, you might have problems in the other direction, since Oracle 12c prevents calls over HTTPS to anything older than TLSv1.2, as described here.

- Gives Error Over HTTPS Using RDBMS 12.1.0.1.0 (Doc ID 1675966.1)

So you might have trouble accessing legacy systems, without reverting to HTTP.

For more information see:

Hope this helps.

Regards Tim...
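The whole procedure the article walks through (point UTL_HTTP at the wallet, make the request, optionally send basic-auth credentials, read the body), as an added example rather than the article's own code. The procedure name, parameter names and wallet path are assumptions; it assumes the wallet already holds the exported root certificate and that an ACL lets this schema reach the host.

```plsql
-- Added example (not the article's code). Assumes the wallet at p_wallet_path was
-- created with orapki and already contains the site's root certificate, and that
-- an ACL grants this schema connect rights to the host.
CREATE OR REPLACE PROCEDURE fetch_https_page (
  p_url          IN VARCHAR2,
  p_wallet_path  IN VARCHAR2,                -- e.g. 'file:/u01/app/oracle/wallet' (assumed path)
  p_wallet_pwd   IN VARCHAR2 DEFAULT NULL,   -- NULL works for an auto-login wallet (11gR2+)
  p_username     IN VARCHAR2 DEFAULT NULL,   -- set both for HTTP basic authentication
  p_password     IN VARCHAR2 DEFAULT NULL
) AS
  l_request   UTL_HTTP.req;
  l_response  UTL_HTTP.resp;
  l_line      VARCHAR2(32767);
BEGIN
  -- Tell UTL_HTTP which trusted certificates to validate the server against.
  -- Without this, an HTTPS request fails with ORA-29024 (certificate validation failure).
  UTL_HTTP.set_wallet(p_wallet_path, p_wallet_pwd);

  l_request := UTL_HTTP.begin_request(p_url);

  -- Basic auth only base64-encodes the credentials in the Authorization header,
  -- so they are protected in transit only because the URL is HTTPS.
  IF p_username IS NOT NULL THEN
    UTL_HTTP.set_authentication(l_request, p_username, p_password);
  END IF;

  l_response := UTL_HTTP.get_response(l_request);
  DBMS_OUTPUT.put_line('HTTP ' || l_response.status_code || ' ' || l_response.reason_phrase);

  -- Read the body line by line; UTL_HTTP.end_of_body signals the end of the response.
  BEGIN
    LOOP
      UTL_HTTP.read_line(l_response, l_line, TRUE);
      DBMS_OUTPUT.put_line(l_line);
    END LOOP;
  EXCEPTION
    WHEN UTL_HTTP.end_of_body THEN
      UTL_HTTP.end_response(l_response);
  END;
EXCEPTION
  WHEN OTHERS THEN
    -- Release the connection, then surface the original error (e.g. ORA-29024).
    UTL_HTTP.end_response(l_response);
    RAISE;
END fetch_https_page;
/
```

Call it with `EXEC fetch_https_page('https://oracle-base.com/', 'file:/u01/app/oracle/wallet')`; if ORA-29024 still appears, the server's chain does not lead to a certificate in that wallet, so check that the exported root certificate (not the site certificate) was added.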