You may face this error
when database needs to access the keystore and keystore is not open. For
example, while changing keystore password, or while creating/rotating master
encryption key. In the following example, I faced this error while creating
master encryption key.
SQL> ADMINISTER KEY MANAGEMENT SET KEY
IDENTIFIED BY salman12 WITH BACKUP USING 'initial_backup' CONTAINER = ALL ;
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY
salman12 WITH BACKUP USING 'initial_backup' CONTAINER = ALL
*
ERROR at line 1:
ORA-46658: keystore not open in the container
|
This error means that
keystore is not open that is required before creation of the master encryption
key. Open the keystore and re-execute the statement to create master encryption
key.
SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE
FROM V$ENCRYPTION_WALLET;
WRL_PARAMETER STATUS WALLET_TYPE
----------------------------------------
------------------------------ -------------------- -----------------------------
C:\APP\ORACLE\ADMIN\SALMAN12C\WALLET CLOSED UNKNOWN
SQL> administer key management set keystore
open identified by salman12 container=all;
keystore altered.
SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE
FROM V$ENCRYPTION_WALLET;
WRL_PARAMETER STATUS WALLET_TYPE
----------------------------------------
------------------------------ -------------------- ------------------------------------------
C:\APP\ORACLE\ADMIN\SALMAN12C\WALLET OPEN_NO_MASTER_KEY PASSWORD
SQL> ADMINISTER KEY MANAGEMENT SET KEY
IDENTIFIED BY salman12 WITH BACKUP USING 'initial_backup' CONTAINER = ALL ;
|
If you are using auto-login (or local auto-login) keystore, you still need to open password-based keystore before creating master encryption key, and in that scenario, you will receive
ORA-28417 instead of ORA-46658
Related Articles
- Configuring Transparent Data Encryption (TDE) in 11g
- Configuring Transparent Data Encryption (TDE) in 12c
TDE Related Error
Messages
No comments:
Post a Comment