How to set up the Oracle Wallets in Oracle Database 21C/19C
Posted by Mir Sayeed Hassan on November 1st, 2023
How to set up the Oracle Wallets in Oracle Database
Brief about the Oracle Wallets
The Oracle Wallet is a container or we can called it as repository that stores authentication and credentials such as certificates, certificate requests, and private keys., By using this we can connect to db without providing the schema name & password, Password will be connected by using the TNS ALIES name & hence the schema are encrypted & stored in the oracle wallets.
Let us configure the schema password by using the wallets.
Create a directory to store the wallets.
[oracle@ora21cdb ~]$ mkdir -p /u01/app/wallets
Create a wallet & provide the wallet password.
[oracle@ora21cdb ~]$ mkstore -wrl /u01/app/wallets/ -create Oracle Secret Store Tool Release 21.0.0.0.0 - Production Version 21.3.0.0.0 Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved. Enter password: Mirorawalltes123! Enter password again: Mirorawalltes123!
Verify the wallets created in directory.
[oracle@ora21cdb wallets]$ ll total 8 -rw-------. 1 oracle oinstall 194 Nov 1 14:38 cwallet.sso -rw-------. 1 oracle oinstall 0 Nov 1 14:38 cwallet.sso.lck -rw-------. 1 oracle oinstall 149 Nov 1 14:38 ewallet.p12 -rw-------. 1 oracle oinstall 0 Nov 1 14:38 ewallet.p12.lck
Check the status of listener
[oracle@ora21cdb ~]$ lsnrctl status
Note: listener should be in running state.
Configure SQLNET.ORA file with WALLET_OVERRIDE & WALLET_LOCATION Parameters.
Note: WALLET_LOCATION is where the wallets are created & stored
WALLET_OVERRIDE will override the DB schema credentials & stored in the wallet
[oracle@ora21cdb ~]$ cd $ORACLE_HOME/network/admin [oracle@ora21cdb admin]$ vi sqlnet.ora ####WALLET_OVERRIDE PARAMETER CONFIG######## SQLNET.WALLET_OVERRIDE=TRUE SSL_CLIENT_AUTHENTICATION=FALSE SSL_VERSION=0 ####WALLET_LOCATION PARAMETER CONFIG######## WALLET_LOCATION= (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY= /u01/app/wallets) ) )
Connect to database & create a user to perform the wallet configuration.
[oracle@ora21cdb ~]$ sqlplus / as sysdba
Create a user
SQL> create user mir_wallets identified by mirwallets quota unlimited on users; User created.
Grant connect, resource privilege to user.
SQL> grant connect, resource to mir_wallets; Grant succeeded.
Set the schema password by using the above created wallet.
[oracle@ora21cdb wallets]$ mkstore -wrl /u01/app/wallets/ -createCredential ora21c mir_wallets Oracle Secret Store Tool Release 21.0.0.0.0 - Production Version 21.3.0.0.0 Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password: Enter wallet password:
NOTE: SECRET PASSWORD is your above created schema password : In my case schema password is “mir_wallets”
WALLET PASSWORD is your above created wallet password : In my case wallet password is “Mirorawalltes123!”
Finally lets connect to the schema with the giben TNS ALIES as sqlplus /@TNS_ALIES.
[oracle@ora21cdb wallets]$ sqlplus /@ora21c SQL*Plus: Release 21.0.0.0.0 - Production on Wed Nov 1 14:53:46 2023 Version 21.3.0.0.0 Copyright (c) 1982, 2021, Oracle. All rights reserved. Connected to: Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production Version 21.3.0.0.0 SQL> show user USER is "MIR_WALLETS"
Note: We don’t provide the username & password, Therefore this will connect directory to the schema “mir_walltes”
I have tested into the ORACLE 21C., you can fallow the same procedure for 19C db or higher.
To configure for many schemas, you should have a separate TNS Entry for every schemas & configure the password with wallets.
=====Hence tested & verified in our test env=====