Fails To Open / Create The Wallet: ORA-28353 [ID 395252.1]

In this Document

Applies to:

Symptoms

Trying to create the encryption key and hence the wallet file for the first time fails with the following errors:

or

Changes

On some 64-bit platforms the default wallet location may not work as documented, this was ultimately identified as a porting issue and it has been fixed in RDBMS version 11g, and in patchset 10.2.0.4 (and higher). 
Therefore, and also because it is best practice to know and determine the wallet location deliberately (since it is a pretty important file), please consider to always set the ENCRYPTION_WALLET_LOCATION in the sqlnet.ora file.

Comment: If you have specified an ENCRYPTION_WALLET_LOCATION in your sqlnet.ora file you should not have the problem writing to any default location, in that case check for the proper format and indentation of your sqlnet.ora file.

Cause

The location for the ewallet.p12 file can be any of the following :

$ORACLE_BASE/admin/WALLET 

$ORACLE_BASE/admin/$ORACLE_SID/WALET

$ORACLE_BASE/admin

Comment: In a RAC system there is a difference between the Oracle database name and the ORACLE_SID, it will use the $ORACLE_BASE/admin//WALLET as a default location.

Solution

1. Set in sqlnet.ora one of the following entries :

In each case make sure the directory exists on the filesystem and is accessible by the oracle software owner.

2. Create the wallet file and set the encryption key :

When you have more than one database on the server, especially if they share the same $ORACLE_HOME, then they will by default share the same sqlnet.ora file and be pointed to the same wallet. This can be overcome by using a TNS_ADMIN variable to allow each database to look at a different directory, but it also requires additional effort to maintain separate tnsnames.ora and listener.ora files.