Error
Error Code: ORA-28365

Oracle Error ORA-28365: Wallet Not Open

📦 Oracle Database
📋

Description

The ORA-28365 error indicates that the Oracle security wallet, which stores encryption keys and credentials, is not open. This typically occurs when attempting to access encrypted data or perform operations requiring wallet access, such as using Transparent Data Encryption (TDE).
💬

Error Message

wallet is not open
🔍

Known Causes

4 known causes
⚠️
Wallet Not Opened
The wallet may not have been explicitly opened using the `ADMINISTER KEY MANAGEMENT` statement or through automatic login mechanisms.
⚠️
Wallet Auto-Login Failure
Automatic login may be disabled or misconfigured, preventing the wallet from opening automatically upon database startup.
⚠️
RAC Instance Inconsistency
In a Real Application Clusters (RAC) environment, the wallet may be open on some instances but not others, leading to inconsistent behavior.
⚠️
Incorrect Wallet Location
The database may be configured to look for the wallet in an incorrect location, resulting in a failure to find and open it.
🛠️

Solutions

4 solutions available

1. Open the Oracle Wallet Manually easy

Directly open the wallet using the orapki utility.

1
Identify the location of your Oracle Wallet. This is typically specified in your `sqlnet.ora` file under the `WALLET_LOCATION` parameter. If not set, it's often in `$ORACLE_HOME/network/admin` or `$ORACLE_HOME/dba/`.
2
Open a terminal or command prompt on the database server.
3
Navigate to the `$ORACLE_HOME/bin` directory.
4
Execute the `orapki wallet open` command, providing the path to your wallet.
orapki wallet open -wallet /path/to/your/wallet
5
If your wallet is password protected, you will be prompted to enter the wallet password.
6
After successful execution, try connecting to the database again.

2. Ensure Wallet Auto-Opening is Configured Correctly medium

Verify and set the `WALLET_LOCATION` and `ENCRYPTION_WALLET` parameters in `sqlnet.ora`.

1
Locate the `sqlnet.ora` file. This is usually found in `$ORACLE_HOME/network/admin` or `$ORACLE_HOME/dba/`.
2
Open `sqlnet.ora` in a text editor.
3
Ensure the `WALLET_LOCATION` parameter is correctly set to the absolute path of your wallet directory. If it's commented out or missing, add it.
WALLET_LOCATION = "/path/to/your/wallet"
4
If you are using an encrypted wallet, ensure the `ENCRYPTION_WALLET` parameter is set to `1` (or `TRUE`).
ENCRYPTION_WALLET = 1
5
Save the `sqlnet.ora` file.
6
Restart any Oracle processes that might be using the wallet or try connecting to the database again. For some services (like listener or database instance), a restart might be necessary for changes in `sqlnet.ora` to take effect.

3. Check and Set Wallet Permissions medium

Verify that the Oracle OS user has read and write permissions to the wallet directory.

1
Identify the Oracle OS user (e.g., `oracle`) that runs the database processes.
2
Determine the exact path to your Oracle Wallet directory (as specified in `sqlnet.ora`).
3
Open a terminal or command prompt on the database server.
sudo su - oracle
4
Navigate to the parent directory of your wallet.
cd /path/to/parent/of/wallet
5
Check the permissions of the wallet directory.
ls -ld wallet_directory_name
6
If permissions are incorrect, grant read and execute permissions to the Oracle OS user. For example, if your wallet is in `/opt/oracle/wallet` and the owner is `oracle`:
sudo chown -R oracle:oinstall /opt/oracle/wallet
sudo chmod -R 750 /opt/oracle/wallet
7
Try connecting to the database again.

4. Re-create or Refresh the Wallet Contents advanced

If wallet corruption is suspected, re-create or refresh its contents.

1
Backup your existing wallet directory to a safe location.
2
Identify the necessary certificates or keys that should be in your wallet. This might involve consulting your security administrator or documentation.
3
Open a terminal or command prompt on the database server.
cd $ORACLE_HOME/bin
4
If the wallet is password protected, you might need to open it first (as in Solution 1) to extract its contents or to be able to add new ones.
orapki wallet open -wallet /path/to/your/wallet
5
Use `orapki` to re-import the necessary certificates or keys. For example, to import a certificate:
orapki wallet add_certificate -wallet /path/to/your/wallet -cert /path/to/certificate.cer
6
If you need to re-create the wallet entirely (e.g., if you have the master key or can regenerate the necessary components), you can do so using `orapki wallet create`.
orapki wallet create -wallet /path/to/new/wallet -auto_login
7
Ensure your `sqlnet.ora` file points to the correct `WALLET_LOCATION`.
8
Test the connection to the database.