Changing Oracle wallet password

Similar Messages

• Change Wallet password via sqlplus

  Is there a way to change the wallet password through SQLPlus? I can't find any documentation for changing the password in this way. I created the wallet and password using this command:
  alter system set wallet open identified by "password1";
  I don't want to use Wallet manager or orapki because there is a bug with them for 11.2.0.1 in which is corrupts your wallet. The solution is to upgrade to 11.2.0.2 but I am not ready for that yet.
  Doc 1301365.1 point #3
  BUG 9215461

  We are running into the same issue. We are on 11.2.0.1 on linux x86-64. We were intending to implement TDE, but found out the known limitations with TDE on 11.2.0.1 were too extreme to feel comfortable enabling this (see Known TDE Wallet Issues [ID 1301365.1]). We also need to update to 11.2.0.2, but because we have a Grid infrastructure and 4-node cluster, the downtime would be extreme to perform the patching. We have a ticket open with oracle to provide patches on 11.2.0.1, but there is no ETA.
  There are a few patches that address the ability to recreate the wallet, however applying these patches, caused me to run into the wallet corruption issue where OWM and orapki no longer recognize the password, even though that same password can close and open the wallet correctly from sqlplus.
  So at the moment, we are dead in the water on enabling TDE due to these limitations. Our options are to update to 11.2.0.2, or wait for the 11.2.0.1 patches.

• Wallet password modification

  I am trying to figure out how to modify Oracle Wallet password from command line (mkstore). It is possible to modify the password from OWM GUI.. but I have not found any way how to do it from the command line. Just for clarity - I am not talking about individual credentials (-modifyCredential), I just want to change password on the Wallet level (e.g. wallet without any credentials just containing third party certificates for validation of https callouts via utl_http.request..
  Any ideas?
  Pavel

  Pavel.Ruzicka wrote:
  This is 10g R2. Simple workaround for me is to use the GUI. I was just surprised that there is no direct equivalent on mkstore level (parameter/switch). Thanks anyway.
  Regards,
  Pavelhttp://www.stanford.edu/dept/itss/docs/oracle/10g/network.101/b10772/asowalet.htm#1006854

• Interconnect DB adapter Error when connecting to DB Using Oracle Wallet

  Hi all,
  I have installed multiple DB adapters on a unix m/c and when i am starting the DB adapter( name ex: B) i am getting the following error.
  when i Hash (#)the passwd in adapter.ini without using oracle wallet my DB adapter gets connected if the same is removed i am getting the following Error.
  "java.sql.SQLException: invalid arguments in call"
  Oracle Wallet password have been set correctly and works fine with one of the DB adapter( name ex: A) and the same setting of A has been used in B.
  Would be glad if someone could help to give solution to track oracle wallet and database connectivity.
  Oailog.txt
  ~~~~~~~~~~
  Initializing the Bridge oracle.oai.agent.adapter.database.DBBridge..
  Initializing connection to the Repository...
  Connected to the Repository.
  B could not connect to the database
  regards
  yenyes

  The issue was solved.The workaround involved synchronising the security folders the one below the /interconnect and one below /adapters.

• AIP-16076: A wallet password is required for hosted trading partner Oracle

  Hi,
  I have defined a agreement under "Custom Document over Generic Exchange" using File transport protocol.
  I have configured host and remote tp delivery channels with following setup
  i) Encryption Enabled
  ii)Non-repudiation-origin enabled
  iii)Non-repudiation-receipt enabled
  I have created digital certificate using Oracle Wallet Manger application and saved them in B2B file system.
  I have browsed and uploaded digital certificates to B2B during delivery channel creation.
  After completing everything and when I validate the agreement, it throws following error
  AIP-16076: A wallet password is required for hosted trading partner Oracle
  Where I am doing wrong ?
  Should I copy certificates to a specified path ?
  Thanks
  -Praveen

  HI,
  I got it now.
  We have to set Host TP wallet password in General section Host TP B2B UI
  Thanks

• If OS oracle account password changed, What I have to change EM/OSB config?

  Dear..
  Our customer using oracle secure backup and EM-GRID for exadata backup.
  Any backup schedule on EM-Grid didn't operate after they changed oracle operating system password.
  What I have to / How to change configuation on osb software and em-grid side?
  Thanks.
  daesuk

  918337 wrote:
  What I have to / How to change configuation on osb software and em-grid side?EM holds preferred OS credential with password, so you have to change it.
  Go to Preferences -> Credentials.

• Ecc6, after i've changed all the passwords for all oracle users, then how

  ECC6, after i've changed all the passwords for all oracle users, now sap can't connect to oracle , then,  How can i config the sap to make sure it can boot normal?
  If our database is sqlserver, i've changed the database password for all database users, then, How can i config the sap?
  Thanks!

  My db is oracle ,                           the oracle host name is dbserver.
  The sap ap server only install the SAP. SAP host name is apserver.
  Just now i've altered all the password of the oracle database db user account, Include the account "sys".
  (I must alter the password.)
  Now the SAP service in the host "apserver" can't boot.
  Could you teach me  how can i config the "apserver" to make the SAP normal boot ?
  Thanks!
  Best regards!

• Use Oracle Wallet to store repository (Registry/SS/EAS) credentials?

  I'm running EPM 11.1.2.2 on AIX, Oracle repository, already installed and configured.
  The security team would prefer to have the repository credentials stored in an Oracle wallet as a matter of policy.  I believe, from my limited research, that a JDBC driver can (theoretically) use wallet.  But has anyone done it in the context of the EPM services (i.e. Foundation, EAS)?
  Obviously, the password is encrypted already, so I'm not sure that this really provides much of a real security benefit - except that I think that the Oracle password could be changed by updating the wallet without having to re-run the EPM configuration utility.
  Any input gratefully received.  Thanks!

  Nothing like wanting to add another layer of complexity to an already complex world , if security is the issue then SSL should be looked at but the passwords will still be stored in the database.
  I have never heard of it being done with EPM but would be interested to know if it is actually supported.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Oracle Wallet manager error

  Hi all,
  Inorder to test SSL, i created a certificate request in OWM.Then i got a trial certificate from verisign for this request.What should i do now ? I tried to import that certificate in Oracle Wallet manager but getting this error.
  "Trusted Certificate Installation Failed.
  Input was not a valid certificate".
  Please guide me
  Srini

  belw is the note
  PURPOSE
  To list the steps needed to configure Oracle HTTP Server (OHS) to use the Secure
  Sockets Layer (SSL) when installed with Oracle9i Application Server (9iAS)
  Release 2 (9.0.2). The below instructions show, step by step, instructions for
  obtaining a trial certificate from a Certificate Authority, such as Verisign or
  Thawte. Please refer to the Oracle 9iAS Documentation for further details.
  SCOPE AND APPLICATION
  Oracle9i Application Server (9iAS) Release 2 (9.0.2 and above)
  Configuring SSL with Oracle HTTP Server in 9iAS Release 2
  There are two major steps needed to configure SSL in 9iAS:
  I. Create an Oracle Wallet which contains an SSL Certificate
  II. Configure httpd.conf directives to enable SSL with OHS
  NOTE:
  Only standard server certificates are supported. These are sometimes referred
  to as "40-bit Certificates", but will allow 128-bit encryption provided the
  browser supports 128-bit encryption. 9iAS Release 2 does not support Global
  Server Certificates, called "128-bit Certificates", that allow 56-bit export
  browsers to step up to 128-bit.
  STEP I: Configuring Oracle Wallet Manager (OWM)
  1. Start Oracle Wallet Manager from the 9iAS $ORACLE_HOME.
  Note: If you wish to use AutoLogin features you must start OWM as the user
  who owns the httpd parent process.
  To start Oracle Wallet Manager:
  On Windows: select Start > Programs > Oracle - ORACLE_HOME >
  Integrated Management Tools > Wallet Manager
  On UNIX: enter owm at the command line.
  2. Create an Oracle Wallet which contains an SSL Certificate:
  - Select Wallet -> New
  - Enter a password for the wallet e.g Welcome1
  - Create a Certificate Request.
  - Enter the details for the request. For example:
       Common Name:          <hostname.domainname>
  Organizational Unit:      Support
  Organization:      Oracle
       Location:          Reading
       State:               Berkshire
       Country:          United Kingdom
       Key Size:          1024bits
  * Common Name has to match the hostname.domainname that the webserver is
  known as. This is the Servername parameter in the httpd.conf file, and
  is the hostname.domainname that users will enter in the browser URL.
  - Click OK.
  - Click 'Certificate:[Requested]' and select from the Menu 'Operations' and
  'Export Certificate Request'
  - Save to a file e.g server.csr
  - Open the file in a text editor and copy the contents of the certificate
  signing request, to be pasted in a Certificate Authority (Verisign) form.
  An example is shown below:
  -----BEGIN NEW CERTIFICATE REQUEST-----
  MIIBtzCCASACAQAwdzELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCWJlcmtzaGlyZTEQMA4GA1UEBxMH
  cmVhZGluZzEPMA0GA1UEChQGb3JhY2xlMRAwDgYDVQQLFAdzdXBwb3J0MR8wHQYDVQQDFBZ1a2Ro
  MTkzNC51ay5vcmFjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYkFMb9x4ehsG3
  yQ2ub319GxPW+/TC3NSIYRLzEa49EziqBUr08R3Ssn9+6nolVjj1eb3rzwCfjiOSzsp1lSa/B9Vo
  63pwP6xLbCgF8J86YfcZvavgLzY0Yc1fPfRxpZkb/jjt+F1zkaI6Lilm5YU3bRNYMb36TAWxUYL1
  m6wZOwIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEACKXTmPHaSe3Lx3onnKJk/qI8SzpKyQC/B29v
  JGg1+7Lb7gl052Y9WKxbKHzOQOYr8yYxMXNBCUwW6kBAFoxTWSpIxIQOpJXcsu1RlHKaLfAnw053
  LiwpRB6do7MBrVgMRiv3AyTkJkgRzSxABWAgNpBPbhH+L6PZj5tSjOPErKA=
  -----END NEW CERTIFICATE REQUEST-----
  3. Request a Certificate from a Certificate Authority:
  - Load a web browser and go a Certificate Authority website of your choice.
  The examples below are from www.thawte.com:
  - Click on 'request your free trial'.
  - Fill in the necessary name and address details etc. and 'Submit'.
  - Paste in the certificate request into the box under the
  'Certificate Signing Request' Section.
  - Select "Test X509v3 SSL Cert" and hit "Generate Test Certificate"
  - Once submitted the Trial Certificate will appear on screen similar to below:
  -----BEGIN CERTIFICATE-----
  MIICnDCCAgWgAwIBAgIDD9m+MA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJa
  QTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMU
  VGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1QgVEVTVCBURVNUMRww
  GgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTAxMTAyNDE0MDIxOVoXDTAx
  MTExNDE0MDIxOVowdzELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQ
  MA4GA1UEBxMHUmVhZGluZzEPMA0GA1UEChQGT3JhY2xlMRAwDgYDVQQLFAdTdXBw
  b3J0MR8wHQYDVQQDFBZ1a3AxNTkxOC51ay5vcmFjbGUuY29tMIGfMA0GCSqGSIb3
  DQEBAQUAA4GNADCBiQKBgQDiQbg8KHjQ8hazvFe+OFhQa6ka+i5oShUty1MhlH+/
  /xXP+j82h4VlyPG6IGKeQdXLhnKXgLuxTZ8/VDtLZyucmpIB95o2A3Betjp7UdIm
  C572rKrQTA+1mCt/KLWcNE+fQuCmhloaERh3jsWTng0TKsDpJeAJdW2F4tCy/E/E
  MwIDAQABoyUwIzATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0G
  CSqGSIb3DQEBBAUAA4GBACffzyC3qvAlvNWc6mBPMjFu6XWUGZBuNawFCz8qGw5/
  ce3rWFNI4zOjc1OncoJg7FjDJgAWqiJFHgdV4gwQm/8lTJX6wD1FhMtrJDXf29ei
  1DAe8kBOBWiFMio8Qjp24TdxoI6/53/32ydl91CPtTKAix3SaC2bBS5lG73AbKRr
  -----END CERTIFICATE-----
  - Copy the certificate to a file called server.crt
  - Get the Trusted CA Root certificate by accessing:
  https://www.thawte.com/roots/index.html
  - Copy the certificate that appears on the screen to a file called
  servertest.crt
  - Ftp or move the files to a directory on your server
  - In Wallet Manager select Operations -> Import User Certificate.
  - It will then ask you if you want to Paste the certificate or load
  from a file. Choose 'Select a file that contains a certificate'.
  - Select the file server.crt and hit OK.
  - At this point, the Wallet Manager may complain that the Trusted CA Root
  Certificate does not exist in the wallet. It will ask if you want to
  import it now. Select Yes. See Below
  - Select 'Select a file that contains a certificate' and select the
  servertest.crt file.
  - If this completes successfully you should see Certificate:[Ready] and the
  Thawte Test CA Root will appear in the list of trusted certificates.
  - If you desire Oracle HTTP Server to AutoLogin to the Wallet, then select
  AutoLogin. (Wallet Manager must have been started as the owner of the
  httpd parent process for this to work).
  - From the menu, File -> Save
  Save the Wallet in a directory where the 9iAS user has permission to access
  * If you generated your test certificate via www.verisign.com there is an additional
  step required if OWM is not accepting the Trusted CA Root Certificate. The step is
  as follows:
  In OWM, at the point of message "User certificate import has failed because the
  CA certificate does not exist". You are expected to import the CA certificate.
  For Verisign, that would be the 'Test CA Root' for the Trial version. Verisign's
  email has instructions on how to download the Test CA Root. One problem with the
  Test CA Root is that it is saved as DER encoding, but OWM expects BASE64 encoding.
  Please do following, using Internet Explorer 5.X as example.
  1. Following Verisign instructions and install Test CA Root
  certification into IE.
  2. Export 'Test CA Root' from IE in BASE64 format
  Tools -> Internet Options -> Contents -> Certificates
  -> Trusted Root Certificate Authorities
  Select CA issued by Versign with following Description in 'Issued to' column
  "For Versign authorized testing only ....."
  Export -> Next -> select Base-64 encoded X.509(.cer)
  The file saved must me accessible to OWM
  3. When prompted to load 'CA certificate ', provide the Base64 encoded file.
  Then, continue where you left off when OWM did not accept your Trusted CA
  Root Certificate.
  STEP II: Configuring Oracle HTTP Server (OHS)
  Please review the default directives in the httpd.conf file that relate to SSL by
  opening the file in a text editor and search on "SSL". If you have not already
  done so, please make a back up of this file. Do NOT hand edit this file without reading
  the precautions in the 9iAS Documentation. You should use the Enterprise Manager (EM)
  Website to modify this file. For SSL to work, the SSL 'listen' port must match the
  "VirtualHost _default_" directive within the file. All other SSL parameters are
  set to the default, and you can modify at a later time, depending on your needs.
  ## SSL Support
  Listen 80
  Listen 443
  #443 is the SSL port number.
  ##Further down in file:
  <VirtualHost default:443>
  For the purposes of a basic SSL configuration, you should only need to
  change the following directives:
  SSLWallet
  SSLWalletPassword
  - Change the SSLWallet directive to the path where you saved your wallet, i.e:
  SSLWallet file:/tmp/wallets
  - If you get an error, ADMN-906025 with exception 806212, when starting OHS
  after modifying httpd.conf, it is because you need to supply this password.
  You may also see errors such as the following:
  Error Failed to restart HTTP Server.
  Timeout has been reached. Timeout has been reached.
  If you did not select AutoLogin, then you need to change the SSLWalletPassword
  to your clear text Wallet password by adding the following into your httpd.conf
  SSLWalletPassword <yourPassword>
  - If you wish to encrypt the SSLWalletPassword refer to the following:
  [NOTE:184677.1]
  How to Use IASOBF to Encrpyt a Wallet Password Within 9iAS Release 2
  - Save the configuration, and restart Oracle HTTP Server
  - Test a URL to Oracle HTTP Server in SSL mode:
  https://<hostname.domainname>:<port>

• Oracle Wallet Manager question..

  Hello,
  I have a question on Oracle Wallet Manager and will appreciate if you can help me with this:
  In our environment, there are distributed databases and background processes running on different systems ( windows NT and SGI IRIX ) the application uses Oracle Background processes which have Database account names and login to processes running on different machines..
  In an environment which has 250+ systems, changing passwords every 60 days or so becomes very cumbersome and problematic: If one network link is down, the password change is not done on one system and the next time the application tries to access a remote process it does not work..
  Currently, the password changes are restricted to once a year ..
  In the long run, it would be a better solution to replace this set-up with a industry standard secure architecture (i.e. one using PKI tokens, Certificate Authority etc..)
  Currently, I am looking at Oracle Wallet Manager as a possible solution .. will appreciate, if you can give me some feedback, whether this will be feasible ..
  Thank you ..
  --osman

  I would like to share my idea.
  Use Oracle Internet Directory (LDAP), single sign-on, SSL (Oracle Wallet), keberos and Windows Native Authentication.
  Check OracleAS 10g (10.1.2) documentations.
  We did all the above which were included in the the integration of OracleAS 9.0.4 with Oracle Applications 11.5.10.

• AIP-16076: A wallet password is required for hosted trading partner

  Hi Please help me to resolve this issue.
  B2B version: 10.1.2.2
  OS: AIX 5.3
  Error
  Agreement XYZ is invalid.
  AIP-16076: A wallet password is required for hosted trading partner ABC in agreement XYZ.
  I did create the wallet, imported TD certificate and created wallet.txt and changed the "tip.properties"
  Restarted B2B.
  I did provide password 'welcome' when I create "Transport Servers". Is there any part I am missing. Please help with info to resolve this issue. It's bit important.
  Thanks !
  Rama K

  Hi Guys,
  Thanks for quick reply.
  Here I am experiencing one more isssue. Please let me know, if you have quick ans for this issue.
  <MSG_TEXT>Error -: AIP-51085: General failure encrypting S/MIME message: Error -: AIP-51091: Adding recipient to S/MIME message recipient list failed : Error -: AIP-51162: invalid asn.1 tag.
  at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createEncryptedMimeBodyPart(MimePackaging.java:513)
  at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.applySecurity(MimePackaging.java:1697)
  at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createMimeMessage(MimePackaging.java:262)
  at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.pack(MimePackaging.java:110)
  at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1165)
  at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:701)
  at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:832)
  at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:531)
  at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java(Compiled Code))
  at java.lang.Thread.run(Thread.java:568)
  Caused by: Error -: AIP-51091: Adding recipient to S/MIME message recipient list failed : Error -: AIP-51162: invalid asn.1 tag.
  at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.encrypt(SmimeSecureMessaging.java:1242)
  at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createEncryptedMimeBodyPart(MimePackaging.java:485)
  ... 9 more
  Caused by: Error -: AIP-51162: invalid asn.1 tag.
  Thanks in Advance,
  Rama K

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• User is not able to change his own password... Only DBA can change users password ??

  Hi,
  I have this problem today.I am using Oracle 8.1.7 on Solaris 2.8
  A Oracle user say " SCOTT" trying to change his password but could not.. he gets the followling message
  SQL> alter user scott identified by abc123;
  alter user scott identified by abc123
  ERROR at line 1:
  ORA-28003: password verification for the specified password failed
  Scott's profile has password_verfiy function. Hence i thought abc123 password was not matching with the password verify condition. Surprisingly, what ever password SCOTT tries with, he could get the same error message and could not change his password.. Ultimatly SCOTT could never change his password. How is it possible ??
  It is noteworthy to mention that if i give DBA role to SOCTT then he can change his password with abc123 or any thing that satisfies with password verification function.
  Now Only a user who has DBA role or a DBA could change passwords..
  Can somebody through some light on it and explain what corrective action to be taken so that Users can change their password without DBA's interreption.
  Thanks in advance
  Regards
  Srini

  <PRE>
  This is the description of the error message:
  =============================================================================
  ORA-28003 password verification for the specified password failed
  Cause: The new password did not meet the necessary complexity specifications
  and the PASSWORD_VERIFY_FUNCTION failed.
  Action: Enter a different password. Contact the database administrator to find
  out the rules for choosing the new password.
  =============================================================================
  it clearly says that password has to match the complexity specifications. You will not be able
  to change password without meeting the complexity requirements.
  DBA's can make the change to the password because if DBA's can not change the password, it could lock
  you out of the database (all users including the DBA's) and you will not be able to access the
  database.
  Try removing the password verify function and see if you can then change the password succssfully.
  </PRE>
  hi Prakash,
  The verify password function is standard oracle function and I do not think the current problem is any way related to the rules that were framed in verify password function. The key point here is a user could not change his own password. But a DBA or a user who has ALTER USER system privs.. can do so..
  Regards
  Srini

• How to find out who has changed the SYSADMIN password?

  Hi,
  Is there a way to trace who has changed the SYSADMIN password in an instance?
  Regards,
  Neeraj

  of course, this is limited to any updates to the
  user, e.g. added responsibility, etc. So, it
  probably is very limited in value.That's why it is recommended to enable AuditTrail, which is a way of keeping track of changes made to important data in Oracle Application tables. AuditTrail keeps a history of the following three questions:
  1. What changed
  2. Who changed it
  3. When did the change take place

• Oracle Wallet and XE

  I believe this topic has been discussed quite a bit in the past on this forum. Essentially I would like to be able to utilize utl_http to access an external website using https. Doing research on this, I've come to find out that:
  a. You need to use Oracle Wallet Manager to import trusted certificates from these sites.
  b. Oracle Wallet Manager is part of Oracle Advanced Security Module
  c. Oracle Advanced Security Module is only applicable to Enterprise Edition Database.
  d. The 'owm' binary does not come packaged with Oracle XE.
  In my search, I also came across the following in the official Oracle Database Licensing Information document (http://download-west.oracle.com/docs/cd/B19306_01/license.102/b14199/editions.htm)
  Oracle Wallet
  Oracle Wallet is a password-protected container used to store authentication and signing credentials, including passwords, private keys, certificates, trusted certificates, and TDE master keys. Oracle Wallet Manager is an application that wallet owners can use to manage and edit the security credentials in their Oracle wallets. Oracle Wallets can be deployed on clients, middle tiers, and database servers free of charge. However, the following features that use an Oracle Wallet in turn require licensing of the Oracle Advanced Security Option: PKI credentials and transparent data encryption master keys. Oracle Advanced Security option is not required when configuring wallets to secure communication between the Oracle Database and Oracle Internet Directory.
  Based on this description, my intended use of Oracle Wallet would not require the Oracle Advanced Security option as I just want to store certificates of those sites I'm accessing via https.
  Does this mean that I could fire up owm on another database server, create the file and then use it in my XE application? Or does it mean that because I'm running XE and because owm did not come with the distribution, I have no right to utilize the functionality?
  Thanks in advance for any input.

  The T in TDE stands for transparent, so your application shouldn't need to even be aware that any columns or tablespaces are encrypted. TDE is generally implemented in systems that were never designed to encrypt the data, so in theory it should be "perfectly safe" to develop unencrypted and have the client encrypt the columns during installation.
  Of course, when marketing folks start talking about things that are "perfectly safe", that's always a sign of danger ahead. Even though I've never heard of a case where encrypting a column caused a problem for an application, I would be very dubious of doing development in an environment different than production. That includes the exact version of the database (I assume the client has installed the latest patchsets, so they're running 10.2.0.4, for example) as well as the edition. If you decide to rely on the fact that everything should go smoothly when you promote to a different version of a different edition of the database with a different schema definition, even though it normally should, you're pretty much guaranteeing that you will end up with a problem that will be a pain to resolve.
  In your case, I wouldn't use XE for development. It would be much safer to develop against the personal edition. That isn't free, but that is the enterprise edition of the database licensed to be run on developer machines. It isn't free, but it's way less than an enterprise edition license.
  Justin