Monday, August 16, 2021

How to troubleshoot "ORA-28367: wallet does not exist"

There are multiple ways to specify Oracle Wallet locations. Make sure you use "select wrl_parameter from v$encryption_wallet" to find out where the Oracle instance "think" the location should be.


Method 1: set Wallet location using "wallet_root" initialisation parameter (In this case, don't not need to specify keystone location in the SQL command lines)


SQL> alter system set wallet_root='/u01/app/oracle/admin/orcl/wallet' scope=spfile;

SQL> shutdown immediate

SQL> startup

SQL> alter system set tde_configuration='keystore_configuration=file' scope=both;


SQL> select con_id, keystore_mode from v$encryption_wallet;

    CON_ID KEYSTORE

---------- --------

     1 NONE

     2 UNITED

     3 UNITED

SQL> administer key management create keystore identified by Welcome123;

SQL> administer key management create auto_login keystore from keystore identified by Welcome123;



SQL> ! ls -l /u01/app/oracle/admin/orcl/wallet/tde/

total 8

-rw------- 1 oracle oinstall 2600 Aug 16 09:26 cwallet.sso

-rw------- 1 oracle oinstall 2555 Aug 16 09:22 ewallet.p12


SQL> administer key management set keystore open force keystore identified by Welcome123 container=all;

SQL>  select * from v$encryption_wallet;

WRL_TYPE         WRL_PARAMETER                 STATUS       WALLET_TYPE      WALLET_OR KEYSTORE FULLY_BAC     CON_ID

-------------------- --------------------------------------------- -------------------- -------------------- --------- -------- --------- ----------

FILE             /u01/app/oracle/admin/orcl/wallet/tde/    OPEN_NO_MASTER_KEY   PASSWORD         SINGLE    NONE UNDEFINED      1

FILE                                   CLOSED       UNKNOWN          SINGLE    UNITED   UNDEFINED      2

FILE                                   OPEN_NO_MASTER_KEY   PASSWORD         SINGLE    UNITED   UNDEFINED      3

administer key management set key force keystore identified by Welcome123 with backup; 

SQL> administer key management set key force keystore identified by Welcome123 with backup; 

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE         WRL_PARAMETER                 STATUS       WALLET_TYPE      WALLET_OR KEYSTORE FULLY_BAC     CON_ID

-------------------- --------------------------------------------- -------------------- -------------------- --------- -------- --------- ----------

FILE             /u01/app/oracle/admin/orcl/wallet/tde/    OPEN         PASSWORD         SINGLE    NONE NO         1

FILE                                   CLOSED       UNKNOWN          SINGLE    UNITED   UNDEFINED      2

FILE                                   OPEN_NO_MASTER_KEY   PASSWORD         SINGLE    UNITED   UNDEFINED      3

SQL> alter session set container=PDB1;


Session altered.

SQL> administer key management set key force keystore identified by Welcome123 with backup; 

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE         WRL_PARAMETER                 STATUS       WALLET_TYPE      WALLET_OR KEYSTORE FULLY_BAC     CON_ID

-------------------- --------------------------------------------- -------------------- -------------------- --------- -------- --------- ----------

FILE                                   OPEN         PASSWORD         SINGLE    UNITED   NO         3

SQL> SELECT con_id, key_id FROM v$encryption_keys;

    CON_ID KEY_ID

---------- ------------------------------------------------------------------------------

     3 Aex7NbwgzU+Nv346V0TJXRkAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


Method 2: Set Wallet location in $ORACLE_HOME/network/admin/sqlnet.ora using "ENCRYPTION_WALLET_LOCATION" or "WALLET_LOCATION" (In this case, please specify keystone location in the SQL command lines)


ENCRYPTION_WALLET_LOCATION =

   (SOURCE =

     (METHOD = FILE)

     (METHOD_DATA =

       (DIRECTORY = /u01/app/oracle/admin/orcl/wallet)

     )

   )


WALLET_LOCATION =

   (SOURCE =

     (METHOD = FILE)

     (METHOD_DATA =

       (DIRECTORY = /u01/app/oracle/admin/orcl/wallet)

     )

   )


SQL> administer key management create keystore '/u01/app/oracle/admin/orcl/wallet' identified by Welcome123;

SQL> administer key management create auto_login keystore from keystore '/u01/app/oracle/admin/orcl/wallet' identified by Welcome123;


SQL>  ! ls -l /u01/app/oracle/admin/orcl/wallet

total 8

-rw------- 1 oracle oinstall 2600 Aug 16 08:55 cwallet.sso

-rw------- 1 oracle oinstall 2555 Aug 16 08:50 ewallet.p12


No comments:

Post a Comment