asagarwal.com

Getting "Unknown SSL Error" after Salesforce implemented new certificates signed with SHA-256

Hi,

I was able to connect to Salesforce using the REST API and make calls. But ever since Salesforce implemented the new certificates with SHA-256, I am getting the error ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-28857: Unknown SSL error. This is of course an Oracle error, since I am connecting from Oracle using the UTL_HTTP method.

I have imported the new certificates into Oracle Wallet Manager following the URL https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1-to-SHA-256-hash-algorithms&language=en_US but it hasn't helped. I know that the problem is more on the Oracle side, but I just wanted to ping this group and see if anyone has faced the same problem and was able to resolve it. Any pointers will be appreciated.

Thanks,
Ashish
Yaswanth Kothapalli
Hi Ashish,

Yes, you are right.
This is an issue from the Oracle end. Maybe the Wallet has not accepted the certificates that were added.
As per the article provided by Salesforce, the steps need to be done at the integration end.

Hope these discussion boards help:
-  https://community.oracle.com/thread/3573279
-  https://community.oracle.com/thread/394385

Thanks,
Yaswanth 
asagarwal.com
Thanks for your response, Yaswanth. I wasn't able to resolve the problem but found a workaround. What I did was configure a reverse proxy on the server to bypass Oracle Wallet, and it worked smoothly. For the benefit of the community, here are the steps that I followed:

1. Downloaded Apache 2.4 from URL http://httpd.apache.org/download.cgi

2. In the file "httpd.conf" under the "Apache/conf" folder, entered the following values. (Here I am just showing the example for one Salesforce server, which is https://ap1.salesforce.com. In my setup, I did this for all the Salesforce servers.)

SSLProxyEngine On
ProxyPass /ap1 https://ap1.salesforce.com
ProxyPassReverse /ap1 https://ap1.salesforce.com

ProxyPass /login https://login.salesforce.com
ProxyPassReverse /login https://login.salesforce.com

ProxyPass /test https://test.salesforce.com
ProxyPassReverse /test https://test.salesforce.com

3. Started httpd1
D:\Apache24\bin>httpd.exe

4. And then in the Oracle PL/SQL package, changed all UTL_HTTP calls as shown below:

req := UTL_HTTP.BEGIN_REQUEST('https://ap1.salesforce.com/services/data/v33.0/sobjects/Account/describe', 'POST');

to

req := UTL_HTTP.BEGIN_REQUEST('http://localhost/ap1/services/data/v33.0/sobjects/Account/describe', 'POST');

This worked beautifully. And since I was just setting up my own Oracle Test Lab to try out different integration scenarios with Salesforce, I didn't really bother about resolving the problem with Oracle Wallet.

Cheers,
Ashish (http://www.asagarwal.com)
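
The reverse-proxy setup from the post above, restated as an added example (not the poster's own configuration) with upstream certificate verification enabled and the listener bound to loopback. With only SSLProxyEngine On, Apache 2.4 leaves SSLProxyVerify at its default of none, so the Salesforce certificate chain is not validated, and the Oracle-to-proxy hop is plain HTTP. The CA bundle path is a placeholder assumption; mod_proxy, mod_proxy_http and mod_ssl are assumed to be loaded.

```apache
# Added example: hardened variant of the httpd.conf fragment in the thread.

# Replace the stock "Listen 80" so that only the local Oracle instance can
# reach the plaintext http://localhost hop.
Listen 127.0.0.1:80

# Reverse proxy only; never act as an open forward proxy.
ProxyRequests Off

SSLProxyEngine On

# Weak (default) behaviour when the next lines are absent:
#   SSLProxyVerify none   -> TLS is encrypted but the server is not authenticated
# Corrected: require a certificate that chains to a trusted root.
SSLProxyVerify require
SSLProxyVerifyDepth 3

# Placeholder path (assumption): PEM bundle containing the root CA(s) that
# issue the SHA-256 Salesforce certificates.
SSLProxyCACertificateFile "D:/Apache24/conf/ssl/ca-bundle.pem"

# Reject certificates whose name does not match the proxied host, and
# certificates that have expired.
SSLProxyCheckPeerName on
SSLProxyCheckPeerExpire on

ProxyPass        /ap1   https://ap1.salesforce.com
ProxyPassReverse /ap1   https://ap1.salesforce.com

ProxyPass        /login https://login.salesforce.com
ProxyPassReverse /login https://login.salesforce.com

ProxyPass        /test  https://test.salesforce.com
ProxyPassReverse /test  https://test.salesforce.com
```

If the CA bundle lacks the issuing root, proxied requests fail with a 502 or 500 response and the verification failure is recorded in Apache's error log, which is the place to look before relaxing any of these directives.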