Wallet_type shows "UNKNOWN" for all PDBs after changing wallet password on ExaCC

Recently I changed the sys and wallet password of CDB using this nice blog from my friend Kwame. 


After changing sys and wallet password, when I checked wallet status for all containers, I found wallet_type is UNKNOWN for all PDB's. 

SQL> set linesize 200
SQL> col wallet_dir for a50
SQL> col status for a21
SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

    CON_ID STATUS                WALLET_DIR                                         WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
         1 OPEN                  /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/   AUTOLOGIN
         2 OPEN                                                                     AUTOLOGIN
         5 OPEN                                                                     UNKNOWN
         6 OPEN                                                                     UNKNOWN
         7 OPEN                                                                     UNKNOWN
The Wallet type should be AUTOLOGIN for all PDBS's.

CAUSE: This is happening because we used mkstore utility to modify wallet credentials.

Solution: 1. Disable auto-login by renaming the .sso file 

[oracle@hostname tde]$ mv cwallet.sso cwallet.sso.bkp
2. Close auto-login keystore 

SQL> alter system set wallet close;

System altered.

SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

    CON_ID STATUS                WALLET_DIR                                         WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
         1 CLOSED                /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/   UNKNOWN
         2 CLOSED                                                                   UNKNOWN
         5 CLOSED                                                                   UNKNOWN
         6 CLOSED                                                                   UNKNOWN
         7 CLOSED                                                                   UNKNOWN
3. Open password protected wallet 

SQL> administer key management set keystore open identified by wallet_password;

keystore altered.
4. Re-enable autologin keystore 

SQL> administer key management create auto_login keystore from keystore identified by wallet_password;

keystore altered.
5. Close password protected wallet. (Since we have recreated auto-login wallet back, we can close password-protected keystore to implicitly enable auto-login wallet.) 

SQL> administer key management set keystore close identified by wallet_password;

keystore altered.
6. Now Verify if wallet type is autologin or not 

SQL> select con_id, status, wrl_parameter wallet_dir, wallet_type from v$encryption_wallet;

    CON_ID STATUS                WALLET_DIR                                         WALLET_TYPE
---------- --------------------- -------------------------------------------------- --------------------
         1 OPEN                  /var/opt/oracle/dbaas_acfs/CDB1/wallet_root/tde/   AUTOLOGIN
         2 OPEN                                                                     AUTOLOGIN
         5 OPEN                                                                     AUTOLOGIN
         6 OPEN                                                                     AUTOLOGIN
         7 OPEN                                                                     AUTOLOGIN
And it's BACK! wallet_type shows AUTOLOGIN for all PDB's now.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Analyze Invoices with Oracle Analytics and AI Document Understanding

OCI Document Understanding is an AI service that enables developers to extract text, tables, and other key data from document files through...