ORA-29024: Certificate validation failure

Wmoheb · May 11, 2025, 9:40am

when I try to genrate CSID I got this error
" ORA-29024: Certificate validation failure "
using oracle pl/sql

DECLARE
l_http_req UTL_HTTP.req;
l_http_resp UTL_HTTP.resp;
l_url VARCHAR2(4000) := ‘https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance’;
l_body CLOB := ‘{“csr”: “LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQlFUQ0I2QUlCQURCZ01Rc3dDUVlEVlFRR0V3SlRRVEVXTUJRR0ExVUVDd3dOVW1sNVlXUm9JRUp5WVc1agphREVsTUNNR0ExVUVDZ3djUVd4bFpYTmpieUJTWldGa2VVMXBlQ0JEYjI1amNtVjBaU0JEYnpFU01CQUdBMVVFCkF3d0pNUzFCYkdWbGMyTnZNRll3RUFZSEtvWkl6ajBDQVFZRks0RUVBQW9EUWdBRStoTjJsbllYRWpWTFRSWlAKM1JMc2JCeDgveHlKYXZ4VmNSc28xSGEzdDVzR1lZc01TcEJCL2N5UWdabEUzaEliSWNUSjRaUDdVeEdHZ2lNSgpvRVFVWXFBcE1DY0dDU3FHU0liM0RRRUpEakVhTUJnd0NRWURWUjBUQkFJd0FEQUxCZ05WSFE4RUJBTUNCZUF3CkNnWUlLb1pJemowRUF3SURTQUF3UlFJZ1F1V2kycmNISkZtY0V3V3BKbWNzUkluSmU5TkFVZlB2TnAxQlUxNncKRUlnQ0lRQytFSHBmbXNDM2xNcmhoZFlxeXZuTTRmTVdLaHNvaHFtNTUvWWEzRC80OWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0=”}’;
l_buffer VARCHAR2(32767);
BEGIN
– Initialize HTTP Request
l_http_req := UTL_HTTP.begin_request(l_url, ‘POST’, ‘HTTP/1.1’);

-- Set Headers
UTL_HTTP.set_header(l_http_req, 'accept', 'application/json');
UTL_HTTP.set_header(l_http_req, 'OTP', '534184');
UTL_HTTP.set_header(l_http_req, 'Accept-Version', 'V2');
UTL_HTTP.set_header(l_http_req, 'Content-Type', 'application/json');

-- Send Request Body
UTL_HTTP.write_text(l_http_req, l_body);

-- Get Response
l_http_resp := UTL_HTTP.get_response(l_http_req);

-- Read Response
LOOP
    UTL_HTTP.read_text(l_http_resp, l_buffer);
     :P1_NEW := l_buffer;
END LOOP;

-- Close HTTP Connection
UTL_HTTP.end_response(l_http_resp);

EXCEPTION
WHEN OTHERS THEN
:P1_NEW :='Error: ’ || UTL_HTTP.get_detailed_sqlerrm;
END;

Aturkistani · May 12, 2025, 12:32pm

Dear @Wmoheb,

The submitted CSR is missing the required extensions of the ZATCA template, would you please elaborate on the method that has been used to generate the CSR? of it was obtained using OpenSSL, then please ensure that you include the extensions tag in the generation command so the OpenSSL capture all of the extensions specified in the CSR config file (.CNF)

Some OpenSSL versions (older versions) don’t require such extensions tags to be specified in the generation command, while other versions (newer versions) require the extensions tag to be exist in the CSR generation command, so make sure to take this into your consideration.

Once you generated a new CSR and it was longer in length that this submitted CSR, it will probably get this issue solved, also, kindly share the API response from ZATCA if you still face the issue.

Regards,

Topic		Replies	Views
{"errorCode":"400","errorCategory":"Invalid-CSR","errorMessage":"The provided Certificate Signing Request (CSR) is invalid."} XML and business rules	11	122	May 4, 2025
Invalid CSR - ZATCA Communication error (Bad Request 400) Onboarding, renewal and revocation	8	353	December 15, 2024
Not able to generate Simulation CSIDs Onboarding, renewal and revocation	1	29	January 21, 2025
Invalid-CSR","errorMessage":"The provided Certificate Signing Request (CSR) is invalid Onboarding, renewal and revocation	3	180	February 25, 2025
Error Generate PCSID Invalid-CSR at simulation FATOORA portal and Simulation portal	17	592	February 5, 2025

ORA-29024: Certificate validation failure

when I try to genrate CSID I got this error " ORA-29024: Certificate validation failure " using oracle pl/sql

Related topics

when I try to genrate CSID I got this error
" ORA-29024: Certificate validation failure "
using oracle pl/sql