Forum Stats

  • 3,741,461 Users
  • 2,248,431 Discussions
  • 7,861,819 Comments

Discussions

Cannot create wallet in oracle 12c

JijoAC
JijoAC Member Posts: 9
edited Jul 15, 2019 6:06PM in Database Security - General

I am trying to implement oracle Transparent Data Encryption.

I have updated sqlnet.ora with

ENCRYPTION_WALLET_LOCATION = (SOURCE =

                                  (METHOD = FILE)

                                  (METHOD_DATA =

                                  (DIRECTORY = D:\app\ora12c\WALLETS\)))

Then I restart service and tried to run command.

ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "biju$7777"

from SYS (SYSDBA) user, But I got following error

SQL Error: ORA-28368: cannot auto-create wallet

28368. 0000 -  "cannot auto-create wallet"

*Cause:    The database failed to auto create an Oracle wallet. The Oracle

           process may not have proper file permissions or a wallet may

           already exist.

*Action:   Confirm that proper directory permissions are granted to the Oracle

           user and that neither an encrypted or obfuscated wallet exists in

           the specified wallet location and try again.

JijoAC

Answers

  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited Jun 5, 2019 4:28AM

    Hi,

    it seems you are performing that on "windows" OS ....correct ?

    right click D:\app\ora12c\WALLETS folder ----> properties-----> security----> then add your Oracle Service Account

    your Oracle Service Account can be found from "Computer Management"----> services

    ensure your "Oracle" OS service account has full permission on the folder

    Regards,

    Emad.

  • JijoAC
    JijoAC Member Posts: 9
    edited Jun 5, 2019 6:15AM

    Thank you Emad,

      We are working on windows OS, we have given full permissions to oracle service account. Still we are getting the same "SQL Error: ORA-28368: cannot auto-create wallet" Error.

    ora.png

    Regards

    Jijo

  • Hany Ezzat -Oracle
    Hany Ezzat -Oracle Member Posts: 90 Employee
    edited Jun 5, 2019 7:26AM

    Hello JijoAC ,

    Please set up the Wallet or key store properly .. you are missing this setup  from sql prompt "ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'keystore_location' IDENTIFIED BY software_keystore_password; "

    additional and complete reference https://docs.oracle.com/database/121/ASOAG/configuring-transparent-data-encryption.htm#ASOAG10282

    Enjoy

    Hany Ezzat

    JijoAC
  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited Jun 5, 2019 11:54AM

    Hi,

    SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'D:\app\ora12c\WALLETS\' IDENTIFIED BY XXXX;

    SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY XXXX;

    SQL> ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY IDENTIFIED BY XXXX WITH BACKUP USING XXXX;

    For verification useful queries:

    SELECT * FROM v$encryption_wallet;

    SELECT con_id, key_id FROM v$encryption_keys;

    Regards,

    JijoACJijoAC
  • Gaurav Kamal - Oracle-Oracle
    Gaurav Kamal - Oracle-Oracle Member Posts: 27
    edited Jul 12, 2019 1:51PM

    Is this still an issue?

  • JijoAC
    JijoAC Member Posts: 9
    edited Jul 15, 2019 8:06AM

    Thank you,

    Now We have created the Wallet. There was a path problem in the path that we fixed.

    But now we are not able to create the wallet/ Keystore

    we used the command

    ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'C:\app\WALLETS\' IDENTIFIED BY "[email protected]";

    Then we got an error is,

    Error starting at line : 1 in command -

    ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'C:\app\WALLETS\' IDENTIFIED BY "[email protected]";

    Error report -

    SQL Error: ORA-01031: insufficient privileges

    01031. 00000 -  "insufficient privileges"

    *Cause:    An attempt was made to perform a database operation without

               the necessary privileges.

    *Action:   Ask your database administrator or designated security

               administrator to grant you the necessary privileges

    We are running this command from our user "TEST_DATA", we applied SYSKM and SYSDBA privileges to this user by using,

    GRANT SYSDBA TO TEST_DATA

    /

    GRANT SYSKM TO TEST_DATA

    /

    What are the privileges need to create keystore?

    Could you please help me to resolve these securities issues

    Thank you

    Jijomon A.C.

  • Gaurav Kamal - Oracle-Oracle
    Gaurav Kamal - Oracle-Oracle Member Posts: 27
    edited Jul 15, 2019 6:06PM

    The Privilege needed is SYSKM which i see you already have provided.

    Please check the directory and file permission for the User.

    Make sure you have started the Services with the correct Admin or OS user and connecting via the same user.

Sign In or Register to comment.