We figured this out. Verisign did have a new Intermediate certificate that we had to import into our Oracle Wallet. Once we imported the new Intermediate certificate, it started validating.
On Wed, Aug 26, 2009 at 1:43 AM, THIA Jean-Marie <[email protected]>wrote: > I have always handled certificate with the oracle wallet component. > Hope it helps, > Jean Marie > > Sent from my Orange HTC Touch Pro > > > > ------------------------------ > De: Parker Grimes <[email protected]> > Env: mercredi 26 août 2009 06:17 > À: [email protected] <[email protected]> > Objet: [cas-user] CAS PL/SQL client and SSL certificate validation errors > > Hi all, > > This question isn't really an issue with CAS, but I am hoping someone out > there has used the PL/SQL CAS client and can offer a suggestion to a problem > we are having. > > We have been using the PL/SQL CAS client for two years now successfully. > Our SSL certificate expires soon on our CAS server. After we install the new > SSL certificate (from Verisign) on our CAS server, the PL/SQL CAS client > fails with a certificate validation error. Specifically when it calls > utl_http.request('https://ourcasserver.edu/cas/validate...... we get the > following Oracle error: > > ORA-29273: HTTP request failed > ORA-06512: at "SYS.UTL_HTTP", line 1577 > ORA-29024: Certificate validation failure > ORA-06512: at line 1 > > As soon as we put the old certificate back, it works just fine. I am > thinking that perhaps there has been a new Intermediate or Root certificate > from Verisign that isn't in place on our Oracle database server. Is there > anyone out there knows where Oracle keeps those and how to update them? I am > only familiar with how Java handles the root/intermediate CA certificates, > in the cacerts file, but not sure if Oracle has something equivalent to a > root cacerts file. Anybody know? > > Thanks, > Parker > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
