Configuring TLS for connections from Oracle database to another server

Question and Answer

Connor McDonald

Thanks for the question, Alain Delon.

Asked: May 25, 2023 - 8:30 pm UTC

Last updated: June 02, 2023 - 2:59 am UTC

Version: 19.17.0.0.0

Viewed 1000+ times

You Asked

Hello,

How to configure TLS for connections from Oracle database to another server (e.g. a mailing server)?

We have an on-premises SMTP email server to which the database pushes the emails to be sent out. All internal emails are working perfectly but external emails (e.g. to Gmail) are failing with ORA-29024: Certificate validation failure.

The TLS wallet has been created on the database server and the SMTP email server certificate (certificate are still valid) have been added to this wallet. The code has also been updated with wallet location and wallet password.

The mailing team confirmed they did not need our server certificate. At this point we are not sure what we are missing on our setting.
Please, we'll appreciate if you can point us to a documentation/video or provide us with advice on how to figure it out.


Thank you

and Connor said...

The TLS wallet has been created on the database server and the SMTP email server certificate (certificate are still valid) have been added to this wallet. The code has also been updated with wallet location and wallet password.

ORA-29024: Certificate validation failure, is unfortunately fairly generic being "Hey, something about using the certificate didn't work" - that could be we couldn't find it, we couldn't open it, it was not in the right format, wrong TLS level, etc etc...

A couple of things to check

a) Make sure your server is accepting TLS 1.2
b) Make sure that the wallet includes only the signing certificates. Importing the last certificate from the certificate chain is useless anyway because during the SSL handshake Oracle checks whether the signing authority is known to it (that is, whether the certificates of the signing authority were imported into the wallet). The last certificate in the certificate chain is the user certificate, not a trusted certificate. This shouldn't be imported into the wallet as a trusted certificate.
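
A handshake-only test that separates the certificate check from the rest of the mail code, given here as an added example (it is not part of Connor's answer or the asker's code). The host names, port 587, wallet path and password are placeholders, and the block assumes the SMTP server uses STARTTLS and that the database user already has network access to it.

```sql
-- Added example: performs the STARTTLS handshake only; no mail is sent.
-- Placeholders (assumptions, not taken from the question):
--   smtp.example.com, db.example.com, port 587, wallet path, wallet password.
SET SERVEROUTPUT ON   -- SQL*Plus / SQLcl setting so DBMS_OUTPUT is shown

DECLARE
  c            UTL_SMTP.connection;
  cert_failure EXCEPTION;
  PRAGMA EXCEPTION_INIT(cert_failure, -29024);
BEGIN
  -- Open a plain TCP connection; TLS is negotiated afterwards by STARTTLS.
  c := UTL_SMTP.open_connection(
         host                          => 'smtp.example.com',
         port                          => 587,
         wallet_path                   => 'file:/path/to/wallet',
         wallet_password               => '<wallet password>',
         secure_connection_before_smtp => FALSE);

  UTL_SMTP.ehlo(c, 'db.example.com');

  -- The wallet is used here: the certificate chain presented by the server
  -- is validated against the trusted certificates stored in the wallet.
  UTL_SMTP.starttls(c);

  -- EHLO must be repeated once the channel is encrypted.
  UTL_SMTP.ehlo(c, 'db.example.com');
  DBMS_OUTPUT.put_line('STARTTLS handshake completed');
  UTL_SMTP.quit(c);
EXCEPTION
  WHEN cert_failure THEN
    -- Raised during the handshake, so the connection exists and can be closed.
    DBMS_OUTPUT.put_line('ORA-29024 raised during the STARTTLS handshake');
    UTL_SMTP.close_connection(c);
  WHEN OTHERS THEN
    -- Anything else (connect, ACL, wallet open) is not the certificate check.
    DBMS_OUTPUT.put_line('Failed outside certificate validation: ' || SQLERRM);
    RAISE;
END;
/
```

If the block reports ORA-29024, work through the two checks above for the server that was actually contacted; if it completes, the wallet and TLS level are fine for that server and the failure lies elsewhere in the mail path.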


