ORA-28417: password-based keystore is not open

ORA-28417: password-based keystore is not open

We need to change master key value in TDE enabled database in DB version 12c.
The command to reset the master encryption key in 12c is:
SQL>ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY keystore_password WITH BACKUP;

Error:
During execition of statement getting the following error.

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY WITH BACKUP;
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "******" WITH BACKUP
*
ERROR at line 1:
ORA-28417: password-based keystore is not open

Caused
Auto login wallet is created before the master key added.

Solution:
1. Rename the file cwallet.sso for remove the auto-open wallet

mv cwallet.sso cwallet.sso.bkp

2. Close the auto login wallet:

administer key management set keystore close;

3. Then try to open the wallet with password.

administer key management set keystore open identified by 'wallet_password' ;
administer key management set key identified by 'wallet_password' with backup;

4. Re-enable the auto login

administer key management create AUTO_LOGIN keystore from keystore 'wallet directory' identified by 'wallet_password' ;

Change the password of Wallet

ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD IDENTIFIED BY 'old password' SET 'new password' WITH BACKUP ;

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.