I'm finding hints here and there that this is a known issue, but just wanted to ask here directly to confirm. I have a typical client-server TLS connection. We have multiple database instances server-side, each with their own client-side apps, and are transitioning all of them to communicating over TLS1.2. We would like to avoid making unique sqlnet.ora files for all of them, so are opting to use each client's tnsnames.ora file to point to where the wallet is on the server-side. That is my understanding of how the MY_WALLET_DIRECTORY is supposed to work.
Client side tnsnames.ora uses the MY_WALLET_DIRECTORY parameter as follows:
(SECURITY=
(SSL_SERVER_CERT_DN=[cert])
(MY_WALLET_CONNECTION=[location of server-side wallet])
)
This results in ORA-28759: failure to open file. Looking at the trace, it is clear that it is looking for the server-side wallet in the default Unix area:
[29-AUG-2022 11:00:59:766] snzdfo_open_file: Opening file /etc/ORACLE/WALLETS/oracle/ewallet.p12 with READ ONLY permissions
[29-AUG-2022 11:00:59:767] snzdfo_open_file: File Open/Close error
[29-AUG-2022 11:00:59:767] nzdfo_open: File Open/Close error
[29-AUG-2022 11:00:59:768] nziropen: rio open failed with error 28759
This error is eliminated if the WALLET_LOCATION parameter is set in the server-side sqlnet.ora file, but that gets us back to the problem of then having to create unique sqlnet.ora directories for each instance. Hopefully this is just something I'm not understanding. Thanks for any assistance you can provide.