How to set up a TDE wallet on Oracle 12c RAC - Exadata
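1) Create the wallet directory on both nodes as the oracle user. This directory will hold the TDE master keys, so besides the chown below, restrict it to the oracle software owner (for example chmod 700 on the directory).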
mkdir -p /u01/app/oracle/WALLETS/PROD
chown -R oracle:oinstall /u01/app/oracle/WALLETS/PROD
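2) Configure $ORACLE_HOME/network/admin/sqlnet.ora as follows on both nodes as the oracle user. $ORACLE_UNQNAME is read from the environment the instance is started from, so it must resolve to PROD (the directory created in step 1) there, including in any shell used to start the instance from SQL*Plus; otherwise the wallet location will not point at that directory.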
NAMES.DIRECTORY_PATH=(TNSNAMES,EZCONNECT)
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE) (METHOD_DATA =
(DIRECTORY=/u01/app/oracle/WALLETS/$ORACLE_UNQNAME/)))
3) Create the keystore (wallet) from node1 as the oracle user. Its initial status is CLOSED.
SQL> administer key management create keystore '/u01/app/oracle/WALLETS/PROD/' identified by "pass****";
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
CLOSED UNKNOWN SINGLE UNDEFINED
0
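4) Open the keystore from node1 as the oracle user. The keystore password is case-sensitive; enclose it in double quotes, as in step 3, if it contains special characters.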
SQL> administer key management set keystore open identified by pass****;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
OPEN_NO_MASTER_KEY PASSWORD SINGLE UNDEFINED
0
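5) Create the master encryption key, with a keystore backup, from node1 as the oracle user. The key is created but not yet activated, so the status stays OPEN_NO_MASTER_KEY.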
SQL> administer key management create key identified by pass**** with backup;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
OPEN_NO_MASTER_KEY PASSWORD SINGLE UNDEFINED
0
6) Find the key ID with the query below.
SQL> select key_id from v$encryption_keys;
KEY_ID
------------------------------------------------------------------------------
Afcmud4kr09+vxvVLeckIRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
7) Activate the key as the TDE master encryption key, using the key ID from step 6.
SQL> administer key management use key 'Afcmud4kr09+vxvVLeckIRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' identified by pass**** with backup;
keystore altered.
SQL> select key_id,activation_time from v$encryption_keys;
KEY_ID
------------------------------------------------------------------------------
ACTIVATION_TIME
---------------------------------------------------------------------------
Afcmud4kr09+vxvVLeckIRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
13-JUL-16 11.36.24.990806 AM +00:00
8) Check whether the wallet is open with the query below. STATUS should now be OPEN.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
OPEN PASSWORD SINGLE NO
0
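9) Copy the files below to node2 as the oracle user. The listing shows the wallet files as world-readable (-rw-r--r--); tighten them to owner-only (for example chmod 600) on both nodes, and keep a backup of the wallet separate from the database backups, because encrypted data cannot be recovered without it. The keystore must then be opened on node2 as well (same command as step 4); gv$encryption_wallet shows the status on every instance. Any later key change made on node1 has to be copied again, which is why a shared wallet location is usually recommended on RAC.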
[oracle@exaprddb01 admin]$ cd /u01/app/oracle/WALLETS/PROD/
[oracle@exaprddb01 PROD]$ ls -lrt
total 12
-rw-r--r-- 1 oracle asmadmin 2408 Jul 13 14:35 ewallet_2016071311353656.p12
-rw-r--r-- 1 oracle asmadmin 3664 Jul 13 14:36 ewallet_2016071311362496.p12
-rw-r--r-- 1 oracle asmadmin 3848 Jul 13 14:36 ewallet.p12
[oracle@exaprddb01 PROD]$ scp * dexadbadm02:/u01/app/oracle/WALLETS/PROD/
ewallet_2016071311353656.p12 100% 2408 2.4KB/s 00:00
ewallet_2016071311362496.p12 100% 3664 3.6KB/s 00:00
ewallet.p12 100% 3848 3.8KB/s 00:00
[oracle@exaprddb01 PROD]$
mkdir -p /u01/app/oracle/WALLETS/PROD
chown -R oracle:oinstall /u01/app/oracle/WALLETS/PROD
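2) Configure $ORACLE_HOME/network/admin/sqlnet.ora as follows on both nodes as the oracle user. $ORACLE_UNQNAME is read from the environment the instance is started from, so it must resolve to PROD (the wallet directory created above) there, including in any shell used to start the instance from SQL*Plus; otherwise the wallet location will not point at that directory.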
NAMES.DIRECTORY_PATH=(TNSNAMES,EZCONNECT)
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE) (METHOD_DATA =
(DIRECTORY=/u01/app/oracle/WALLETS/$ORACLE_UNQNAME/)))
3) Create the keystore (wallet) from node1 as the oracle user. Its initial status is CLOSED.
SQL> administer key management create keystore '/u01/app/oracle/WALLETS/PROD/' identified by "pass****";
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
CLOSED UNKNOWN SINGLE UNDEFINED
0
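4) Open the keystore from node1 as the oracle user. The keystore password is case-sensitive; enclose it in double quotes, as in step 3, if it contains special characters.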
SQL> administer key management set keystore open identified by pass****;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
OPEN_NO_MASTER_KEY PASSWORD SINGLE UNDEFINED
0
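5) Create the master encryption key, with a keystore backup, from node1 as the oracle user. The key is created but not yet activated, so the status stays OPEN_NO_MASTER_KEY.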
SQL> administer key management create key identified by pass**** with backup;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
OPEN_NO_MASTER_KEY PASSWORD SINGLE UNDEFINED
0
6) Find the key ID with the query below.
SQL> select key_id from v$encryption_keys;
KEY_ID
------------------------------------------------------------------------------
Afcmud4kr09+vxvVLeckIRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
7) Activate the key as the TDE master encryption key, using the key ID from step 6.
SQL> administer key management use key 'Afcmud4kr09+vxvVLeckIRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' identified by pass**** with backup;
keystore altered.
SQL> select key_id,activation_time from v$encryption_keys;
KEY_ID
------------------------------------------------------------------------------
ACTIVATION_TIME
---------------------------------------------------------------------------
Afcmud4kr09+vxvVLeckIRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
13-JUL-16 11.36.24.990806 AM +00:00
8) Check whether the wallet is open with the query below. STATUS should now be OPEN.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/WALLETS/PROD/
OPEN PASSWORD SINGLE NO
0
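9) Copy the files below to node2 as the oracle user. The listing shows the wallet files as world-readable (-rw-r--r--); tighten them to owner-only (for example chmod 600) on both nodes, and keep a backup of the wallet separate from the database backups, because encrypted data cannot be recovered without it. The keystore must then be opened on node2 as well (same command as step 4); gv$encryption_wallet shows the status on every instance. Any later key change made on node1 has to be copied again, which is why a shared wallet location is usually recommended on RAC.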
[oracle@exaprddb01 admin]$ cd /u01/app/oracle/WALLETS/PROD/
[oracle@exaprddb01 PROD]$ ls -lrt
total 12
-rw-r--r-- 1 oracle asmadmin 2408 Jul 13 14:35 ewallet_2016071311353656.p12
-rw-r--r-- 1 oracle asmadmin 3664 Jul 13 14:36 ewallet_2016071311362496.p12
-rw-r--r-- 1 oracle asmadmin 3848 Jul 13 14:36 ewallet.p12
[oracle@exaprddb01 PROD]$ scp * dexadbadm02:/u01/app/oracle/WALLETS/PROD/
ewallet_2016071311353656.p12 100% 2408 2.4KB/s 00:00
ewallet_2016071311362496.p12 100% 3664 3.6KB/s 00:00
ewallet.p12 100% 3848 3.8KB/s 00:00
[oracle@exaprddb01 PROD]$