|Oracle® Database Platform Guide
11g Release 2 (11.2) for Microsoft Windows
|PDF · Mobi · ePub|
This chapter describes storing and retrieving of Oracle Wallets in the Windows registry.
Oracle Wallets store private keys, trust points, and digital certificates used in public key applications for authentication and encryption. Oracle Wallet Manager creates and manages Oracle Wallets. Oracle public key applications use obfuscated Oracle Wallets for authentication and encryption.
Note:Oracle Wallet Manager is a feature of Oracle Advanced Security, a separately licensable option to Oracle Database.
In Windows domain, a user's profile is stored on the local computer. When a local user logs on to that computer, that user's profile on the local computer is uploaded into the user profile in that computer's registry. When a user logs out, that user's profile stored on the local file system is updated, ensuring that the domain user or local user always has the most recent user profile version.
WALLET_LOCATION in file
sqlnet.ora specifies the location of the obfuscated Oracle Wallet for use by Oracle PKI applications. For example, the
WALLET_LOCATION parameter for storing an Oracle Wallet in the registry in:
WALLET_LOCATION = (SOURCE= (METHOD=REG) (METHOD_DATA= (KEY=SALESAPP)))
Continuing the example, the encrypted Oracle Wallet would be stored in the registry in:
and the obfuscated Oracle Wallet would be stored in:
On Windows operating systems, if there is no value specified for parameter
WALLET_LOCATION, then Oracle PKI applications first look for the obfuscated wallet in registry key:
If no obfuscated wallet is found there, Oracle PKI applications look for it in the file system of the local computer at location:
Regardless of location, wallets are always stored in the same format. All functionality is the same except for the location of the wallets.
Oracle Wallet Manager creates and manages Oracle Wallets. If you want to use the Windows registry for Oracle Wallets, then you must select the Use Windows System Registry check box. If Windows System Registry is selected, then the tool shows a list of existing keys when it opens a wallet or saves a new wallet. The list appears in:
You can select one of the existing locations or enter the name for a new location (registry key). If you enter a new key called
key1, for example, then the tool creates the following registry key:
The encrypted wallet will be stored in:
The obfuscated wallet will be stored in:
If you do not select the Use Windows System Registry check box, then the tool displays all the available drives and directories on the local computer. You can select one of the existing directories or enter a new directory. The tool stores the encrypted or obfuscated wallet in the selected directory or creates the directory if it does not exist.
Multiple nonreplicated databases cannot share wallets. If
sqlnet.ora files contain wallet location information, then databases also cannot share
The only exception to this rule is password-authenticated or Kerberos-authenticated enterprise user security with default database-to-directory connection configuration that uses passwords. This configuration keeps database wallets in the default location, where Database Configuration Assistant creates them. In this situation, no wallet location information is stored in the
sqlnet.ora file, and the wallet can be shared among multiple databases.
Note:If SSL is used for enterprise user authentication, then the wallet location must be specified in the
sqlnet.orafiles cannot be shared by multiple databases for SSL-authenticated enterprise users.