modify an oracle non auto login wallet to an auto open wallet

March 15, 2014 — 6 Comments

as soon as one wants to use encryption oracle needs a wallet to be created. when using orapki to create the wallet there is an option “-auto_login” that might be used to enable the database to auto open the wallet with each startup. there seems to be a misunderstanding that you might not change this after the wallet was created. let’s see:

orapki wallet create -wallet . -pwd "blabla1234"
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.

dbs300@oel6.lcsys.ch lcsdb:/oradata/dbs300/wallet $ ls -la
total 12
drwxr-x---  2 lcsdb lcsi 4096 11. Nov 22:54 ./
drwxr-x--- 12 lcsdb lcsi 4096 11. Nov 16:03 ../
-rw-------  1 lcsdb lcsi 2856 11. Nov 22:54 ewallet.p12
-rw-------  1 lcsdb lcsi    0 11. Nov 22:54 ewallet.p12.lck

this created the wallet without the “-auto_login” option, thus requires us to provide the wallet password with each database restart. letting orapki print its help:

orapki wallet -h
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.

Invalid command: -h
wallet:
create [-wallet [wallet]] [[-pwd ] [-auto_login|-auto_login_local]] | [-auto_login_only]
display [-wallet [wallet]]  [-pwd ]
change_pwd [-wallet [wallet]] [-oldpwd ] [-newpwd ]
add [-wallet [wallet]]   
     <-self_signed [-validity [days]] | [-valid_from [mm/dd/yyyy] -valid_until [mm/dd/yyyy]]
                   [-serial_file ] | [-serial_num ]> 
                    
      [-pwd ] | [-auto_login_only]
                   [-sign_alg ]
remove [-wallet [wallet]] [-dn [dn]] [-trusted_cert_all|-trusted_cert|-user_cert|-cert_req]
     [-pwd ] | [-auto_login_only]
export [-wallet [wallet]] [-dn [dn]] [-cert [filename] | -request [filename]] [-pwd ]
export_trust_chain [-wallet [wallet]] [-certchain [filename]] [-dn [user_cert_dn]] [-pwd ]
upload [-wallet [wallet]] [-ldap [host:port]] [-user [user]] [-userpwd [userpwd]] [-pwd ]
download [-wallet [wallet]] [-ldap [host:nonsslport]] [-user [user]] [-userpwd [userpwd]] [-pwd ]
jks_to_pkcs12 [-wallet [wallet]] [-pwd ] [-keystore [keystore]] [-jkspwd [jkspwd]]
     
pkcs12_to_jks [-wallet [wallet]] [-pwd ] [-jksKeyStoreLoc  -jksKeyStorepwd ]
     [-jksTrustStoreLoc  -jksTrustStorepwd ]
p11_add [-wallet [wallet]] [-p11_lib ] [-p11_tokenlabel ]
     [-p11_tokenpw ] [-p11_certlabel ] [-pwd ]
p11_verify [-wallet [wallet]] [-pwd ]
help

it really seems that you can only provide the “-auto_login” option while creating the wallet but not after that point. well, this is an example of misleading syntax as you actually can change the option with “orapki wallet create” without destroying the original wallet:

orapki wallet create -wallet . -pwd "blabla1234" -auto_login
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.

dbs300@oel6.lcsys.ch lcsdb:/oradata/dbs300/wallet $ ls -la
total 16
drwxr-x---  2 lcsdb lcsi 4096 11. Nov 22:55 ./
drwxr-x--- 12 lcsdb lcsi 4096 11. Nov 16:03 ../
-rw-------  1 lcsdb lcsi 2901 11. Nov 22:55 cwallet.sso
-rw-------  1 lcsdb lcsi    0 11. Nov 22:55 cwallet.sso.lck
-rw-------  1 lcsdb lcsi 2856 11. Nov 22:54 ewallet.p12
-rw-------  1 lcsdb lcsi    0 11. Nov 22:54 ewallet.p12.lck

a better orapki help or a better syntax might not be too bad :)

Advertisements

6 responses to modify an oracle non auto login wallet to an auto open wallet

  1. 

    Thanks a lot. The article Helped me

  2. 

    thanks for your help… it worked!

  3. 

    will disturb other DBs running from the same ORACLE_HOME

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s