Fails To Open / Create The Wallet: ORA-28353 [ID 395252.1]

renjixinchina發表於2013-05-07
AI
Fails To Open / Create The Wallet: ORA-28353 [ID 395252.1]To BottomTo Bottom
Modified:19-Nov-2012Type:PROBLEMStatus:PUBLISHEDPriority:3
There are no commentsComments (0)Rate this documentEmail link to this documentOpen document in new windowPrintable Page

In this Document

Symptoms
Changes
Cause
Solution
References

Applies to:

Oracle Server - Enterprise Edition - Version 10.2.0.1 to 10.2.0.3 [Release 10.2]
Oracle Solaris on SPARC (64-bit)
IBM AIX on POWER Systems (64-bit)
***Checked for relevance on 19-Nov-2012*** 

Symptoms

Trying to create the encryption key and hence the wallet file for the first time fails with the following errors:

 

SQL> alter system set encryption key authenticated by "welcome1";
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "welcome1"
*
ERROR at line 1:
ORA-28368: cannot auto-create wallet

or

 

SQL> alter system set encryption key authenticated by "welcome1";
alter system set encryption key authenticated by "welcome1"
*
ERROR at line 1:
ORA-28353: failed to open wallet 


Changes

On some 64-bit platforms the default wallet location may not work as documented, this was ultimately identified as a porting issue and it has been fixed in RDBMS version 11g, and in patchset 10.2.0.4 (and higher). 
Therefore, and also because it is best practice to know and determine the wallet location deliberately (since it is a pretty important file), please consider to always set the ENCRYPTION_WALLET_LOCATION in the sqlnet.ora file.

Comment: If you have specified an ENCRYPTION_WALLET_LOCATION in your sqlnet.ora file you should not have the problem writing to any default location, in that case check for the proper format and indentation of your sqlnet.ora file.

Cause

The location for the ewallet.p12 file can be any of the following :

$ORACLE_BASE/admin/WALLET 

$ORACLE_BASE/admin/$ORACLE_SID/WALET

$ORACLE_BASE/admin

Comment: In a RAC system there is a difference between the Oracle database name and the ORACLE_SID, it will use the $ORACLE_BASE/admin//WALLET as a default location.

Solution

1. Set in sqlnet.ora one of the following entries :

 

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/WALLET)))

 

 

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin//WALLET )))

 

 

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin)))


In each case make sure the directory exists on the filesystem and is accessible by the oracle software owner.

2. Create the wallet file and set the encryption key :

 

SQL> alter system set encryption key authenticated by "abcde";
Sytem altered.

SQL> ! ls -l admin/WALLET
total 8
-rw------- 1 oracle dba 1309 Oct 13 10:31 ewallet.p12 

 

When you have more than one database on the server, especially if they share the same $ORACLE_HOME, then they will by default share the same sqlnet.ora file and be pointed to the same wallet. This can be overcome by using a TNS_ADMIN variable to allow each database to look at a different directory, but it also requires additional effort to maintain separate tnsnames.ora and listener.ora files.

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/15747463/viewspace-760028/,如需轉載,請註明出處,否則將追究法律責任。

相關文章