3 Replies Latest reply: Feb 20, 2013 9:03 AM by 928970 RSS

    Oracle TDE using wallet

    928970
      Hello I created a wallet on a 11.2.0.3 RAC database and it is stored on a ACFS filesystem. I am having issues as eventhough i close my wallet, when i query gv$encryption_wallet it still shows wallet as open. Below are the settings on my machine

      [oracle@vddb0440a admin]$ cat sqlnet.ora
      ENCRYPTION_WALLET_LOCATION =
      (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA =
      (DIRECTORY = /dcldwallet/wallets/$ORACLE_UNQNAME)
      )
      )
      [oracle@vddb0440a admin]$ srvctl getenv database -d dpvl
      dpvl:
      ORACLE_UNQNAME=dpvl

      [oracle@vddb0440a dpvl]$ pwd
      /dcldwallet/wallets/dpvl
      *[oracle@vddb0440a dpvl]$ ls -ltr*total 8
      -rw------- 1 oracle oinstall 1573 Feb 12 20:44 ewallet.p12
      -rw------- 1 oracle oinstall 1651 Feb 19 17:28 cwallet.sso

      SQL> select * from gv$encryption_wallet;

      INST_ID WRL_TYPE
      ---------- --------------------
      WRL_PARAMETER
      --------------------------------------------------------------------------------
      STATUS
      ------------------
      1 file
      /dcldwallet/wallets/$ORACLE_UNQNAME
      OPEN

      2 file
      /dcldwallet/wallets/$ORACLE_UNQNAME
      OPEN

      SQL> alter system set encryption wallet close ;
      System altered.

      SQL> select * from gv$encryption_wallet;

      INST_ID WRL_TYPE
      ---------- --------------------
      WRL_PARAMETER
      --------------------------------------------------------------------------------
      STATUS
      ------------------
      1 file
      /dcldwallet/wallets/$ORACLE_UNQNAME
      OPEN

      2 file
      /dcldwallet/wallets/$ORACLE_UNQNAME
      OPEN


      Any idea what am i missing here. Any help would be appreciated. Thanks!
        • 1. Re: Oracle TDE using wallet
          Nelson Calero
          Hi,

          Have you created your wallet with -auto_login_local option?
          Then you must read the support note *1204604.1* +"Auto Login Wallet Cannot Be Closed"+ which explains this is the expected behaviour, which was initially reported as a bug +(9081352 - ALTER SYSTEM SET ENCRYPTION WALLET CLOSE DOES NOT CLOSE AUTOLOGIN WALLET)+

          Regards.
          Nelson
          • 2. Re: Oracle TDE using wallet
            928970
            Thanks Nel for reply, but i created auto login without local option and more over we are using 11.2.0.3 as it is a documented bug till 11.2.0.1
            orapki wallet create -wallet "/dcldwallet/wallets/dpvl" -auto_login
            Oracle PKI Tool : Version 11.2.0.3.0 - Production
            Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.

            Enter wallet password:
            [oracle@vddb0440a dpvl]$
            [oracle@vddb0440a dpvl]$ ls -ltr
            total 8
            -rw-r--r-- 1 oracle oinstall 1573 Jan 24 20:46 ewallet.p12
            -rw------- 1 oracle oinstall 1651 Jan 24 20:58 cwallet.sso
            • 3. Re: Oracle TDE using wallet
              928970
              As said above i confirmed its an expected behaviour.

              Edited by: 925967 on Feb 20, 2013 7:02 AM