I'm using Oracle 12c and when I try to create an auto-login keystore with this command :
ADMINISTER KEY MANAGEMENT
CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE
'home/BetaCrasher/app/BetaCrasher/admin/orcl/wallet'
IDENTIFIED BY hello;
I get this error:
ORA-46632: password-based keystore does not exist
I check the path and the file for the keystore is there.
I also tried using this path and it still doesn't work
'home/BetaCrasher/app/BetaCrasher/admin/orcl/wallet/ewallet.p12'
I think you might be missing a leading slash in your path, since it appears to be a full path to the wallet folder.
Also, don't forget to grant access to the path to your Oracle's OS user.
Related
I am trying to install informatica 10.4 on windows but while domain creation, it is throwing me permission issue, but i am running the installer as admin and took the command from logs which was giving issue and ran it in cmd as admin but still the same issue.
I feel installer is trying to add permissions for wrong domain / user.
How to change that to correct domain / user?
error:
OutPut : [ICMD_10033] Command [generateEncryptionKey] failed with error [[INFASETUP_10000] [FrameworkUtils_0006] The encryption key file cannot be generated. [[FrameworkUtils_0022] Failed to find user name [WORKGROUP\SYSTEM] during Informatica service startup, and so cannot grant read and write permissions on the node configuration directory to the user. Verify that the user that started the Informatica service is valid. If you are a Local System User, you can ignore this message as you inherit the read-write permissions.]..].
I am facing this issue in oracle19c.
I have added the following to sqlnet.ora
SQLNET.ALLOWED_LOGON_VERSION_CLIENT = 8
SQLNET.ALLOWED_LOGON_VERSION_SERVER = 8
as well as
SQLNET.AUTHENTICATION_SERVICES = (NONE)
But I am getting:
ORA-01017: invalid username/password: logon denied
I read all over stackoverflow to re-create the password.
I have even tried creating password file as well as changing the password of the user by alter command.
Can any one help me out with the exact steps to re-create password.
You can create a password file using orapwd utility.
Users are added to the password file when they are granted the SYSDBA, SYSOPER, SYSASM, SYSKM, SYSDG or SYSBACKUP privilege.
By default, SYS is the only user that has SYSDBA and SYSOPER privileges. Creating a password file via orapwd enables the remote users to connect with admin privileges.
The basic command to create the password file is
orapwd file=<Password file name> entries=<nnumber of entries allowed> force=<y/n>
There should be no space around =.
Here, You should use force=y to permits overwriting an existing password file.
Cheers!!
I have my single sign on activated on oracle database D1 and other oracle database D2 which has password login method. I don't want to use oracle home Tnsnames.ora file. I created my own tnsnames.ora and added the both the databases.
I set TNS_ADMIN as path under which I give path of location where I keep my tnsnames file.
I try to do sqlplus /#db1 in command prompt then it throws an error saying "invalid username /password"
But when I use sqlplus /#db1 before tsetting TNS_ADMIN parameter, it takes my local tns file (I guess) and login properly.
Now after setting TNS_ADMIN, if I try sqlplus user/pass#DB2 this works properly as DB2 is accessed using password and SSO isn't activated on this server.
Issue is SSO login in SQLplus doesn't work when I set my TNS_ADMIN parameter, tns entries are correct as I use the same db1 which was before activating SSO.
Do I need to add some parameter in sqlnet.ora located at my tnsnsames file to activate my SSO or any special setting DBA do to activate SSO on user and tns so that I can also do the same to use my tnsnames.ora file.
Scenario
cmd > sqlplus /#db1 --Logs successfully
cmd> set TNS_ADMIN=path/tns (my tnsnames.ora file location)
cmd > sqlplus /#db1 --Logs successfully --Fails to login
cmd > sqlplus user/pass#DB2 --Logs successfully
Note that my tnsnames.ora is not changed and is kept original with connection use for db1 when it was password login.
We use Kerberos for this SSO login for oracle sqlnet file in oracle home path, we have set some parameters related to Kerberos such as Kerberos_CC_NAME, Kerberos_CONF, Kerberos_CONF_MIT parameters. I used the same in my sqlnet file but it didnt works.
You have to specify location of your wallet in sqlnet.ora file, see Profile Parameters (sqlnet.ora)
In case of problems edit your sqlnet.ora file and add these lines
TNSPING.TRACE_DIRECTORY = path (location where you like to get trace file)
TNSPING.TRACE_LEVEL = user
The trace file should provide more information what is going wrong.
A certificate is required to connect my SonarQube server. I have installed the SonarLint plugin, but it does not have any option to add certificates to connect my SonarQube server. It has only URL, username , password options. Is there any way to set certificates ?
SonarLint does not permit the configuration of certificates, but you can add certificate to JRE or JDK.
https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html
Copied text from the Oracle documentation:
Import the Certificate as a Trusted Certificate
Before you can grant the signed code permission to read a specified file, you need to import Susan's certificate as a trusted certificate in your keystore.
Suppose that you have received from Susan
the signed JAR file sCount.jar, which contains the Count.class file, and
the file Example.cer, which contains the public key certificate for the public key corresponding to the private key used to sign the JAR file.
Even though you created these files and they haven't actually been transported anywhere, you can simulate being someone other than the creater and sender, Susan. Pretend that you are now Ray. Acting as Ray, you will create a keystore named exampleraystore and will use it to import the certificate into an entry with an alias of susan.
A keystore is created whenever you use a keytool command specifying a keystore that doesn't yet exist. Thus we can create the exampleraystore and import the certificate via a single keytool command. Do the following in your command window.
Go to the directory containing the public key certificate file Example.cer. (You should actually already be there, since this lesson assumes that you stay in a single directory throughout.)
Type the following command on one line: keytool -import -alias susan -file Example.cer -keystore exampleraystore
Since the keystore doesn't yet exist, it will be created, and you will be prompted for a keystore password; type whatever password you want.
The keytool command will print out the certificate information and ask you to verify it, for example, by comparing the displayed certificate fingerprints with those obtained from another (trusted) source of information. (Each fingerprint is a relatively short number that uniquely and reliably identifies the certificate.) For example, in the real world you might call up Susan and ask her what the fingerprints should be. She can get the fingerprints of the Example.cer file she created by executing the command
keytool -printcert -file Example.cer
If the fingerprints she sees are the same as the ones reported to you by keytool, the certificate has not been modified in transit. In that case you let keytool proceed with placing a trusted certificate entry in the keystore. The entry contains the public key certificate data from the file Example.cer and is assigned the alias susan.
I have an .p12 keystore file issued by the provider of a webservice that I'd like to communicate with (SOAP) through a PL/SQL procedure from an Oracle 11g2 database.
A wallet was created with:
$ orapki wallet create –wallet [walletdirectory] -pwd [password] -auto_login
And the resulting 'ewallet.p12'-file was subsequently replaced with the (renamed to 'ewallet.p12') keystore file.
However, the SOAP-requests cannot be authorised. The log of the service provider shows (full log not available to me):
Error log Apache httpd
[<timestamp>] [error] [client <IP>] access to <URL> failed, reason: SSL requirement expression not fulfilled (see SSL logfile for more details)
ACL-settings have been thoroughly audited. I am now exploring the possibility that the Oracle Wallet has not been set up properly (because perhaps simply replacing the keystore files is not possible). I cannot extract the private key from the supplied .p12 to add to the newly generated 'ewallet.p12'.
Thus I would like to use the Oracle Wallet Manager to create the Wallet. Some problems I've encountered.
I can not open the supplied .p12 file as a wallet in OWM
Renaming the supplied keystore to 'ewallet.p12' allows me to open the wallet in OWM, but upon entering the keystore password, displays "incorrect password"
Condensed question is: How do I create an Oracle Wallet from an already existing PKCS#12 file? Either as a complete product or by generating the required .SSO-file? Any other advice as to what might be the cause of this problem?
Note: using SOAPUI, I'am able to successfully communicate with the webservice using the supplied keystore.
The webservice was unable to be authorized because the cwallet.sso file was not correct in the Oracle Wallet. The complete procedure to generate a correct Oracle Wallet from an existing PKCS#12 Keystore is:
$ orapki wallet create -wallet /path/to/wallet -auto_login
Where the [path/to/wallet] targets an existing directory that already includes the PKCS#12 Keystore. This generates the correct cwallet.sso file. The certificates included in the keystore can now be shown with:
$ orapki wallet display -wallet /path/to/wallet
And the Oracle Wallet can now be associated with an ACL:
SQLPlus: EXEC DBMS_NETWORK_ACL_ADMIN.ASSIGN_WALLET_ACL('[acl_file.xml]','file:/path/to/wallet');
However, for reasons unknown to me, an Oracle Wallet created in this fashion cannot be opened using the Oracle Wallet Manager tool.