This content has been marked as final. Show 7 replies
in 11g: (orapki tool)
orapki wallet change_pwd [-wallet [wallet_location]] [-oldpwd oldpassword] [-newpwd newpassword]
I said I do not want to use orapki because of the fact that it corrupts your wallet.
Can you point me to the bug you are referring to where OWM and/or orapki corrupt the wallet? I have never heard about this, and yes, orapki or OWM are your only choices.
Look at my original post, it has the doc ID and bug number from Oracle Support.
and where exactly in that bug says that Wallet manager or orapki corrupts wallet ?? :-)
From Doc 1301365.1
3. Modifying the wallet with OWM or orapki leads to various errors: ORA-600 [ZTSMSTORE FAILED], ORA-28368, ORA-28367, ORA-28362
It is sometimes needed to modify the TDE wallet manually, using OWM or orapki, in order to change the wallet password or to make it auto login.
As a result, subsequent wallet access would fail with one of the errors
ORA-600 [ZTSMSTORE FAILED], ORA-28368, ORA-28367, ORA-28362
The issue affects all Oracle releases using TDE.
Ok it doesn't use the word corrupt but to that is basically what it does because you are unable to open the wallet after OWM or orpki is used. You have to restore your wallet from a backup.
We are running into the same issue. We are on 126.96.36.199 on linux x86-64. We were intending to implement TDE, but found out the known limitations with TDE on 188.8.131.52 were too extreme to feel comfortable enabling this (see Known TDE Wallet Issues [ID 1301365.1]). We also need to update to 184.108.40.206, but because we have a Grid infrastructure and 4-node cluster, the downtime would be extreme to perform the patching. We have a ticket open with oracle to provide patches on 220.127.116.11, but there is no ETA.
There are a few patches that address the ability to recreate the wallet, however applying these patches, caused me to run into the wallet corruption issue where OWM and orapki no longer recognize the password, even though that same password can close and open the wallet correctly from sqlplus.
So at the moment, we are dead in the water on enabling TDE due to these limitations. Our options are to update to 18.104.22.168, or wait for the 22.214.171.124 patches.