Re: TDE Wallet Management Question

From: <dimensional.dba_at_comcast.net>
Date: Fri, 10 Oct 2014 14:49:33 +0000
Message-ID: <2009070051.6614640.1412952572478.JavaMail.root_at_comcast.net>



I have been using TDE with >30 character pass phrases for the last 3 years.

I normally copy both the wallet and the auto-open wallet from a single node instead of generating the auto-open wallet on each node. Also check your environment variables, your variable setting in sqlnet.ora and your environment variable setting in grid for the wallet.

----- Original Message -----

From: "Stephan Uzzell" <SUzzell_at_MICROS.COM>
To: "james.clarence.allen_at_census.gov" <james.clarence.allen_at_census.gov>, Oracle-L_at_freelists.org
Cc: "Stephan Uzzell" <SUzzell_at_MICROS.COM>
Sent: Friday, October 10, 2014 7:29:08 AM
Subject: RE: TDE Wallet Management Question

Hi Jim,

You may want to take a look at MOS Doc 1294017.1 – it suggests you get behavior like this if and when you have a long/complex wallet password. I know that we fought the same thing until we backed our wallet password down to something simpler.

GL,

stephan

Stephan Uzzell | Database Administrator | HGBU Cloud Operations

Mobile: +1 443.864.1725

Oracle Hospitality

Swarthmore, PA | US         


From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of james.clarence.allen_at_census.gov
Sent: Friday, 10 October, 2014 10:21
To: Oracle-L_at_freelists.org
Subject: TDE Wallet Management Question

I am just beginning to use TDE (mandated by OIS) in a 2 server RAC environment.

I created the master key wallet for my database and created auto-logon wallet.

I copied the wallet to the second server and created an auto-logon wallet.

In instance #1 (where I created the wallet) I get:

SQL> select inst_id,status from gv$encrypted_wallet;

INST_ID STATUS
------- ------
1       OPEN
2       CLOSE

I go over and manually open the wallet on instance #2 and check:

SQL> select inst_id,status from gv$encrypted_wallet;

INST_ID STATUS
------- ------
1       CLOSE
2       OPEN

Problem


I couldn't get the wallet to open on both servers. When I opened the wallet on one server it closed on the other.

Solution


My solution was to bounce the instance and let the auto-logon open the wallet.

After I stopped/started the database with srvctl I got:

INST_ID STATUS
------- ------
1       OPEN
2       OPEN

Question


  1. Is this the way it is supposed to work?
  2. Do I have to bounce the instance each time to get the wallet to open without closing it on the other instance?

I know, I know... The answer is 42 :-)

Sincerely,

Jim Allen
Database Support Lead, MASSDB Staff
Tel: 1-301-763-7501

Cell: 1-202-604-7286
Database Help Desk: X34944
Support Email: James.Clarence.Allen_at_census.gov
Internal Website: http://epd.econ.census.gov/offices/massdb/

--

http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 10 2014 - 16:49:33 CEST