Wednesday, February 22, 2017

ORA-28354: Encryption wallet, auto login wallet, or HSM is already open

This error comes when you try to open a password-based keystore, and the keystore is already open.
SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE FROM V$ENCRYPTION_WALLET;

WRL_PARAMETER                                                        STATUS                                            WALLET_TYPE
---------------------------------------- ------------------------------ -------------------- -----------------------------------------
C:\APP\ORACLE\ADMIN\SALMAN12C\WALLET     OPEN_NO_MASTER_KEY             PASSWORD

SQL> administer key management set keystore open identified by salman12;
administer key management set keystore open identified by salman12
*
ERROR at line 1:
ORA-28354: Encryption wallet, auto login wallet, or HSM is already open

There is also a bug that can cause this error message. Because of that bug, if you want to create a master encryption key while having an auto-login keystore already open, and then you try to open your password-based keystore. To solve problem in this case, remove the auto-login keystore by moving cwallet.sso file to some other location, close the keystore, open the password-based keystore, and then try creating master encryption key. Once done, now you can again create auto-login keystore.


Related Articles
TDE Related Error Messages

Wednesday, February 15, 2017

ORA-46661: keystore not open in root container

In a multi tenant environment, this error comes when you try to open a password-based keystore in a pluggable database and the keystore in root container is no already open. Please note that to open keystore in any pluggable database, the keystore in root container (CDB$ROOT) must be opened first, or alternatively you can use CONTAINER=ALL option while opening keystore in the root container so that keystore for all the pluggable databases is also opened.

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY [password] CONTAINER=ALL;