Home » RDBMS Server » Security » TDE: Closing wallet using "alter system set encryption wallet close;" (Oracle 11g)
TDE: Closing wallet using "alter system set encryption wallet close;" [message #625693] Mon, 13 October 2014 05:26 Go to next message
zaff
Messages: 50
Registered: July 2008
Member
Hi,
I'm able to open a tde wallet using the following command:

alter system set encryption wallet open identified by "mypassword123"'


SQL> select inst_id,wrl_parameter,status from gv$encryption_wallet;

INST_ID WRL_PARAMETER STATUS
---------- -------------------------------------------------- ------------------
1 /tdewallet/ewallet OPEN
2 /tdewallet/ewallet OPEN
4 /tdewallet/ewallet OPEN
3 /tdewallet/ewallet OPEN

However, I'm unable to close the wallet using the following command:

ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;


Am I missing anything?

Thanks,
Zaff
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625695 is a reply to message #625693] Mon, 13 October 2014 05:28 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

You miss to tell us what does "I am unable to close" mean.

Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625696 is a reply to message #625693] Mon, 13 October 2014 05:30 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
You need to give the password to open and to close the wallet. Unless it is autologin (which it should usually be).
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625699 is a reply to message #625695] Mon, 13 October 2014 05:37 Go to previous messageGo to next message
zaff
Messages: 50
Registered: July 2008
Member
Hi Michel,
Just some background; As part of the backup process, I need to backup the tde wallet along with the encrypted data. It seems that in order to backup the tde wallet, I first need to close it i.e disable access to the master key. After the wallet has been backed up, the wallet will be re-opened.

So, I would like to know how i can close the wallet so that i can back it up. It seems
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;
is the right command. However, this has not worked.

Thanks,
Zabair
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625700 is a reply to message #625699] Mon, 13 October 2014 05:40 Go to previous messageGo to next message
zaff
Messages: 50
Registered: July 2008
Member
Hi John,
The command also does not work with the password:

alter system set wallet close identified by "mypassword123";


Thanks,
Zabair
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625701 is a reply to message #625700] Mon, 13 October 2014 05:44 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
"does not work" is not an Oracle error message.
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625703 is a reply to message #625701] Mon, 13 October 2014 05:55 Go to previous messageGo to next message
zaff
Messages: 50
Registered: July 2008
Member
Hi John,
I don't get an error message. After running the command
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;
.....i get "System altered." as output from SQLPLus. However, when I the check the status of the wallet, it's shows as still open:

select inst_id,wrl_parameter,status from gv$encryption_wallet;


INST_ID WRL_PARAMETER STATUS
---------- -------------------------------------------------- ------------------
1 /tdewallet/ewallet OPEN
4 /tdewallet/ewallet OPEN
3 /tdewallet/ewallet OPEN
2 /tdewallet/ewallet OPEN

......so in my view, the command "does not work".

Thanks,
Zabair
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625704 is a reply to message #625703] Mon, 13 October 2014 05:57 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
And if you use the correct command?
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625706 is a reply to message #625704] Mon, 13 October 2014 06:01 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

And what is your complete Oracle version: "select * from v$version;"?

Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625707 is a reply to message #625706] Mon, 13 October 2014 06:05 Go to previous messageGo to next message
zaff
Messages: 50
Registered: July 2008
Member
Hi Michel - Details below:

SQL> select * from v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for IBM/AIX RISC System/6000: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625708 is a reply to message #625707] Mon, 13 October 2014 06:12 Go to previous messageGo to next message
zaff
Messages: 50
Registered: July 2008
Member
Hi John,
If by "correct command" you mean
alter system set encryption wallet close identified by "mypassword123";
then this also gives the same "System altered." as output. However the wallet status remains as OPEN.
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625709 is a reply to message #625708] Mon, 13 October 2014 06:23 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
Yes, that is what I meant: the correct command. That is how I have always done it. I cannot assist further.
Some one else may be able to help, particularly if you actually copy/paste what happens.

Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625711 is a reply to message #625709] Mon, 13 October 2014 07:19 Go to previous messageGo to next message
zaff
Messages: 50
Registered: July 2008
Member
Also, the wallet has been configured with auto login;
orapki wallet create wallet /tdewallet/ewallet pwd <password> -[b]auto_login[/b]
. So should be able to close the wallet without the password.
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625712 is a reply to message #625711] Mon, 13 October 2014 07:23 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
It really does help if you tell the full story, you know.

You have it all wrong. The orapki utility does not create a TDE wallet. It creates a wallet used for storing digital certificates, which is totally different. You need to to go back to the Advanced Security Guide, and start again.
Re: TDE: Closing wallet using "alter system set encryption wallet close;" [message #625713 is a reply to message #625712] Mon, 13 October 2014 07:34 Go to previous message
zaff
Messages: 50
Registered: July 2008
Member
Hi John - The problem is that i'm not the one who setup tde in our environments, but i'm now having to pick this up (with very little in-house documentation + no previous tde experience). So i'm learning as i go along.
Previous Topic: Steps to configure LDAP (OID) for authentication in exiting database (11.2.0.4, RAC, ASM, RHEL 5)
Next Topic: Performing Auditing
Goto Forum:
  


Current Time: Thu Mar 28 06:30:34 CDT 2024