Skip to Main Content
Forums

Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Help wanted with adding Oracle endpoint in Key Vault

P.HuangFeb 18 2020 — edited Mar 17 2020

Hi,

I am testing using key vault to centrally managed wallets. However, I consistently ran into problems when install the key vault agent to the database.

[oracle@fswest agent]$ . oraenv

ORACLE_SID = [ggstb] ?

The Oracle base remains unchanged with value /u01/app/oracle

[oracle@fswest agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v

Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre

Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1

Detected ORACLE_BASE: /u01/app/oracle

Using OKV_HOME: /home/oracle/agent/key/

Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME

consistently across processes.

Enter new Key Vault endpoint password (<enter> for auto-login):         

Confirm new Key Vault endpoint password:         

Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.  <---------------------------------------------- Error

[oracle@fswest agent]$ echo $ORACLE_HOME

/u01/app/oracle/product/19.6.0/dbhome_1

[oracle@fswest agent]$ echo $ORACLE_BASE

/u01/app/oracle

[oracle@fswest agent]$ echo $OKV_HOME

[oracle@fswest agent]$

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

FINEST: waiting for the process to close stdout/err.

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

FINEST: done waiting for the process to close stdout/err.

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

FINEST: Error: Unable to get current installed JDK/JRE version.  <--------------------------------------------------------------------------------- Is there special setting needed here?

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler installOkvutil

SEVERE: Error while executing command: %/home/oracle/agent/key//bin/okvutil% install% -v% 3%

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler main

SEVERE: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.

oracle.okv.platform.common.exception.CommonException: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.

    at oracle.okv.platform.okvutil.OkvDeployHandler.installOkvutil(OkvDeployHandler.java:379)

    at oracle.okv.platform.okvutil.OkvDeployHandler.install(OkvDeployHandler.java:254)

    at oracle.okv.platform.okvutil.OkvDeployHandler.execute(OkvDeployHandler.java:997)

    at oracle.okv.platform.okvutil.OkvDeployHandler.main(OkvDeployHandler.java:1192)

[oracle@fswest agent]$

Note, if I ran the installer again, it successes.

[oracle@fswest agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v

Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre

Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1

Detected ORACLE_BASE: /u01/app/oracle

Using OKV_HOME: /home/oracle/agent/key/

Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME

consistently across processes.

The endpoint software for Oracle Key Vault upgraded successfully.

[oracle@fswest agent]$

If I proceed and ignore the above error, I am unable to open the wallet...

[root@fswest ~]# /home/oracle/agent/key/bin/root.sh

Creating directory: /opt/oracle/extapi/64/hsm/oracle/1.0.0/

Copying PKCS library to /opt/oracle/extapi/64/hsm/oracle/1.0.0/

Setting PKCS library file permissions

Installation successful.

[root@fswest ~]#

[oracle@fswest agent]$ cat /u01/app/oracle/homes/OraDB19Home1/network/admin/sqlnet.ora

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=OKV))

[oracle@fswest agent]$

[oracle@fswest agent]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 18 12:25:23 2020

Version 19.6.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Connected to:

Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production

Version 19.6.0.0.0

SQL> administer key management set keystore open identified by oracle_4U;

administer key management set keystore open identified by oracle_4U

*

ERROR at line 1:

ORA-28353: failed to open wallet

SQL>

SQL> select * from V$encryption_wallet

  2  ;

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

------------------------------ -------------------- --------- -------- ---------

    CON_ID

----------

OKV <------------------------------------------------------------------------------------------------------------------------------------------- use key vault

CLOSED                   UNKNOWN            SINGLE    NONE     UNDEFINED

     1

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

------------------------------ -------------------- --------- -------- ---------

    CON_ID

----------

OKV

CLOSED                   UNKNOWN            SINGLE    UNITED   UNDEFINED

     2

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

------------------------------ -------------------- --------- -------- ---------

    CON_ID

----------

OKV

CLOSED                   UNKNOWN            SINGLE    UNITED   UNDEFINED

     3

SQL>

environment:

DB: Oracle 19.6 CDB on OEL 7

Key Vault: 18.2

Comments

Processing

Post Details

Added on Feb 18 2020
#database-security, #database-security-general
1 comment
857 views