I’ve posted a tweet on #orclapex a while agon (June 21st), asking if anyone managed to access HTTPS resource using the UTL_HTTP package, on an Oracle XE database. Still, I have no answer to that, but I’m getting closer to the inevitable answer: it might not be possible!
First of all, when wanting to connect to an http site using the ssl protocol (HTTPS), you need to create and setup and encrypted PKCS#12 container called Oracle Wallet. Oracle Wallet Manager (OWM) is a tool to manage public key security credentials on Oracle clients and servers. Why does HTTPS connection need this wallet manager? Because when initiating an HTTPS connection from the database (with UTL_HTTP), the identity of the public key holder (read more about SSL here) must be verified through authentication by a Certificate Authority, that issues a public CA certificate. This is stored inside the wallet, a file stored on the disk, or in the Windows registry. So all HTTPS connections done with UTL_HTTP will use a wallet containing the public certificate, so that the connection will be verified as a trusted on. Web browsers do this by default!
The main issue with wallets is that Oracle XE does not come with Oracle Wallet Manager!
But, according to Oracle documentation, even if Oracle Wallet Manager is part of Oracle Advanced Security (OAS), that is not free and not shipped with Oracle XE, Oracle Wallets can be deployed on clients, middle tiers, and database servers free of charge. So using a previously created wallet (on Oracle SE or EE) on a XE database, to initiate HTTPS connection from the database to a HTTPS resource, might work on XE and is free o charge! There is discussion about this on OTN. But has anyone managed to make it work?