There are multiple ways to specify Oracle Wallet locations. Make sure you use "select wrl_parameter from v$encryption_wallet" to find out where the Oracle instance "think" the location should be.
Method 1: set Wallet location using "wallet_root" initialisation parameter (In this case, don't not need to specify keystone location in the SQL command lines)
SQL> alter system set wallet_root='/u01/app/oracle/admin/orcl/wallet' scope=spfile;
SQL> shutdown immediate
SQL> startup
SQL> alter system set tde_configuration='keystore_configuration=file' scope=both;
SQL> select con_id, keystore_mode from v$encryption_wallet;
CON_ID KEYSTORE
---------- --------
1 NONE
2 UNITED
3 UNITED
SQL> administer key management create keystore identified by Welcome123;
SQL> administer key management create auto_login keystore from keystore identified by Welcome123;
SQL> ! ls -l /u01/app/oracle/admin/orcl/wallet/tde/
total 8
-rw------- 1 oracle oinstall 2600 Aug 16 09:26 cwallet.sso
-rw------- 1 oracle oinstall 2555 Aug 16 09:22 ewallet.p12
SQL> administer key management set keystore open force keystore identified by Welcome123 container=all;
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
-------------------- --------------------------------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE /u01/app/oracle/admin/orcl/wallet/tde/ OPEN_NO_MASTER_KEY PASSWORD SINGLE NONE UNDEFINED 1
FILE CLOSED UNKNOWN SINGLE UNITED UNDEFINED 2
FILE OPEN_NO_MASTER_KEY PASSWORD SINGLE UNITED UNDEFINED 3
administer key management set key force keystore identified by Welcome123 with backup;
SQL> administer key management set key force keystore identified by Welcome123 with backup;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
-------------------- --------------------------------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE /u01/app/oracle/admin/orcl/wallet/tde/ OPEN PASSWORD SINGLE NONE NO 1
FILE CLOSED UNKNOWN SINGLE UNITED UNDEFINED 2
FILE OPEN_NO_MASTER_KEY PASSWORD SINGLE UNITED UNDEFINED 3
SQL> alter session set container=PDB1;
Session altered.
SQL> administer key management set key force keystore identified by Welcome123 with backup;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
-------------------- --------------------------------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE OPEN PASSWORD SINGLE UNITED NO 3
SQL> SELECT con_id, key_id FROM v$encryption_keys;
CON_ID KEY_ID
---------- ------------------------------------------------------------------------------
3 Aex7NbwgzU+Nv346V0TJXRkAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Method 2: Set Wallet location in $ORACLE_HOME/network/admin/sqlnet.ora using "ENCRYPTION_WALLET_LOCATION" or "WALLET_LOCATION" (In this case, please specify keystone location in the SQL command lines)
ENCRYPTION_WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/admin/orcl/wallet)
)
)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/admin/orcl/wallet)
)
)
SQL> administer key management create keystore '/u01/app/oracle/admin/orcl/wallet' identified by Welcome123;
SQL> administer key management create auto_login keystore from keystore '/u01/app/oracle/admin/orcl/wallet' identified by Welcome123;
SQL> ! ls -l /u01/app/oracle/admin/orcl/wallet
total 8
-rw------- 1 oracle oinstall 2600 Aug 16 08:55 cwallet.sso
-rw------- 1 oracle oinstall 2555 Aug 16 08:50 ewallet.p12
No comments:
Post a Comment