I previously wrote about Using the Operating System’s certificate store instead of an Oracle wallet in Oracle AI Database 26ai. This is a great productivity boost, and it all comes down to this: if the operating system trusts a HTTPS certificate, so does the database.
Before jumping into the examples, it’s worth highlighting an important aspect: security. Therefore you cannot simply write to a file or open a network connection in Oracle AI Database without doing some setup work Developers wishing to perform network I/O via UTL_HTTP for example must define fine-grained access control settings. More realistically, they need to ask an administrator to do this. For network I/O this includes the definition of an Access Control Entry (ACE) by calling DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE().
No more wallets required. For me that’s a big deal: not having to add certificates to wallets, followed by securely distributing said wallets can save you a lot of time.
Oracle Database 23c first introduced support for the operating system’s certificate store, quite a while ago now. It proved so popular that it was backported to Oracle Database 19c as well. You can find it documented in a few places, the most important one is the Packages and Types Reference.
To use the new feature in Oracle Database 19c you still have to set the wallet_path parameter, but instead of pointing it to a file you use 'system:' (to colon at the end matters!).
Examples
Here are some examples.
Globally setting the wallet location
The first example is courtesy of Connor McDonald. This snippet was taken from https://github.com/connormcd/misc-scripts) and it shows you how to call utl_http.set_wallet once. Every future call will respect the location until it’s changed again.
set serverout ondeclare p_url varchar2(100) := 'https://www.oracle.com'; l_http_request utl_http.req; l_http_response utl_http.resp; l_text varchar2(32767);begin UTL_HTTP.SET_WALLET('system:'); l_http_request := utl_http.begin_request(p_url); l_http_response := utl_http.get_response(l_http_request); utl_http.read_text(l_http_response, l_text, 32766); dbms_output.put_line(substr(l_text,1,100)); exception when utl_http.end_of_body then utl_http.end_response(l_http_response);end;/
Note how in line 8 the wallet location is set to the operating system’s certificate store.
Setting the wallet location per call
If you don’t want to set the location globally you can do so per call. The previous example can be rewritten as follows, specifying the wallet_path in the request context variable:
set serverout ondeclare p_url varchar2(100) := 'https://www.oracle.com'; l_req_ctx utl_http.request_context_key; l_http_request utl_http.req; l_http_response utl_http.resp; l_text varchar2(32767);begin l_req_ctx := utl_http.create_request_context( wallet_path => 'system:', enable_cookies => true, max_cookies => 300, max_cookies_per_site => 20 ); l_http_request := utl_http.begin_request( url => p_url, request_context => l_req_ctx ); l_http_response := utl_http.get_response(l_http_request); utl_http.read_text(l_http_response, l_text, 32766); dbms_output.put_line(substr(l_text,1,100)); exception when utl_http.end_of_body then utl_http.end_response(l_http_response);end;/
That’s it! Happy Coding!
Summary
Oracle Database 19c supports using the operating system’s certificate store for HTTPS connections, eliminating the need for Oracle wallets in many cases. Originally introduced in release 23c and later backported, this feature simplifies certificate management—if the OS trusts a certificate, the database does too.
To enable it, set the wallet_path to 'system:', either globally via UTL_HTTP.SET_WALLET or per request using a request context. This approach reduces operational overhead and streamlines secure connectivity, making HTTPS calls from the database much easier to manage.
Martins Blog 