0

I'm using Oracle Apex 19.1 on an 18.C database. An Apex application has been calling the Google Books API and getting data successfully.
Recently the Certificate failed. Even though the Expiration Date is December 15, 2021, and today is November 14, 2021, the certificate is failing now. The current (expired / expiring) certificate is: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2

I read the the Google Maps API Certificate Authority (CA) changed, but I can't seem to find out anything about the Google Books API certificate. Is the Books CA changing? If the CA is the same, how do I go about getting a newer certificate from Google Books API?

user3138025
  • 795
  • 4
  • 17
  • 46
  • What exactly is the endpoint you are calling? https://www.googleapis.com/books/ does not seem to have certificate problems as of now. – ax. Nov 22 '21 at 22:31
  • The exact site is https://www.googleapis.com/books/v1/volumes It's part of an Oracle Apex web service request. It uses the http_method 'Get'. The idea is to supply an ISBN and then get a response back. – user3138025 Nov 22 '21 at 23:48
  • As a reminder, The code worked for a year or so. The certificate is expiring. I just don't know how to renew the certificate or get a new one for Google Books API. – user3138025 Nov 23 '21 at 01:21
  • The exact error code is: ORA-29024: Certificate validation failure – user3138025 Nov 23 '21 at 01:32
  • The certificate (a file from Google / GlobalSign which ends in .crt) gets incorporated into the Oracle "Wallet". – user3138025 Nov 23 '21 at 02:03

1 Answers1

1

I read the the Google Maps API Certificate Authority (CA) changed, but I can't seem to find out anything about the Google Books API certificate. Is the Books CA changing? If the CA is the same, how do I go about getting a newer certificate from Google Books API?

If you look at the Google Books API endpoint certificate (eg. call https://www.googleapis.com/books/v1/volumes in a web browser and examine the certificate (Chrome, Firefox)), you will notice that that certificate is valid for all Google APIs (*.googleapis.com), including Maps and Books. So to fix your Books API certificate chain, you can follow the same steps as you would do for the Maps API.

How to do that? Maybe googling for "googleapis certificate chain import", first hit: Google Maps Platform Root CA Migration FAQ:

What to do in a production outage

The primary course of action for you is to install the required root certificates from the trusted Google root CA bundle into the root certificates store your application uses.

Note: This method varies per operating system, possibly even the SSL/TLS library your application uses. Therefore, please always first refer to your system documentation! However, you may still find useful information in section Managing your trusted certificates.

I don't know Oracle Apex nor Oracle Wallet, so I cannot help with that. Your "system documentation" or your local admin might help. Good luck!

ax.
  • 58,560
  • 8
  • 81
  • 72
  • 1
    Thanks ax. That helped solve the problem. I hadn't noticed that a Google certificate is good for ALL API's. I looked at the link you provided, and downloaded the "trusted Google root CA bundle". It provides a ".pem" file and Oracle needs a ".cer". But I edited the .pem with and extracted the certificate # Issuer: C=US, O=Google Trust Services LLC, CN=GTS Root R2. I saved that as file "GoogleTrustServicesCA-R2.crt". It just needed to end in .crt. I used Oracle Wallet Manager to import that file and all is well. Many Many thanks! – user3138025 Nov 23 '21 at 23:01
  • Actually, I had to extract two .crt files. The first one started with the comment # Issuer: C=US, O=Google Trust Services LLC, CN=GTS Root R1. I saved that certificate as GoogleTrustServicesCA-R1.crt. It seems I needed both the ...R1.crt and the ...R2.crt files imported into the Oracle Wallet Manager. – user3138025 Nov 24 '21 at 02:05