This discussion is archived
3 Replies Latest reply: Feb 20, 2013 7:03 AM by 928970 RSS

Oracle TDE using wallet

928970 Newbie
Currently Being Moderated
Hello I created a wallet on a 11.2.0.3 RAC database and it is stored on a ACFS filesystem. I am having issues as eventhough i close my wallet, when i query gv$encryption_wallet it still shows wallet as open. Below are the settings on my machine

[oracle@vddb0440a admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /dcldwallet/wallets/$ORACLE_UNQNAME)
)
)
[oracle@vddb0440a admin]$ srvctl getenv database -d dpvl
dpvl:
ORACLE_UNQNAME=dpvl

[oracle@vddb0440a dpvl]$ pwd
/dcldwallet/wallets/dpvl
*[oracle@vddb0440a dpvl]$ ls -ltr*total 8
-rw------- 1 oracle oinstall 1573 Feb 12 20:44 ewallet.p12
-rw------- 1 oracle oinstall 1651 Feb 19 17:28 cwallet.sso

SQL> select * from gv$encryption_wallet;

INST_ID WRL_TYPE
---------- --------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS
------------------
1 file
/dcldwallet/wallets/$ORACLE_UNQNAME
OPEN

2 file
/dcldwallet/wallets/$ORACLE_UNQNAME
OPEN

SQL> alter system set encryption wallet close ;
System altered.

SQL> select * from gv$encryption_wallet;

INST_ID WRL_TYPE
---------- --------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS
------------------
1 file
/dcldwallet/wallets/$ORACLE_UNQNAME
OPEN

2 file
/dcldwallet/wallets/$ORACLE_UNQNAME
OPEN


Any idea what am i missing here. Any help would be appreciated. Thanks!
  • 1. Re: Oracle TDE using wallet
    Nelson Calero Journeyer
    Currently Being Moderated
    Hi,

    Have you created your wallet with -auto_login_local option?
    Then you must read the support note *1204604.1* +"Auto Login Wallet Cannot Be Closed"+ which explains this is the expected behaviour, which was initially reported as a bug +(9081352 - ALTER SYSTEM SET ENCRYPTION WALLET CLOSE DOES NOT CLOSE AUTOLOGIN WALLET)+

    Regards.
    Nelson
  • 2. Re: Oracle TDE using wallet
    928970 Newbie
    Currently Being Moderated
    Thanks Nel for reply, but i created auto login without local option and more over we are using 11.2.0.3 as it is a documented bug till 11.2.0.1
    orapki wallet create -wallet "/dcldwallet/wallets/dpvl" -auto_login
    Oracle PKI Tool : Version 11.2.0.3.0 - Production
    Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.

    Enter wallet password:
    [oracle@vddb0440a dpvl]$
    [oracle@vddb0440a dpvl]$ ls -ltr
    total 8
    -rw-r--r-- 1 oracle oinstall 1573 Jan 24 20:46 ewallet.p12
    -rw------- 1 oracle oinstall 1651 Jan 24 20:58 cwallet.sso
  • 3. Re: Oracle TDE using wallet
    928970 Newbie
    Currently Being Moderated
    As said above i confirmed its an expected behaviour.

    Edited by: 925967 on Feb 20, 2013 7:02 AM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points