Error Code: ORA-28391

Oracle Error ORA-28391: Password Mismatch

Oracle Database

Description

The ORA-28391 error indicates a password mismatch when attempting to close an Oracle wallet or Hardware Security Module (HSM). This error occurs when the password provided does not match the password used to open the wallet or HSM.

Error Message

ORA-28391: cannot close wallet or HSM, password mismatch

Known Causes

Incorrect Password
The most common cause is providing the wrong password when attempting to close the wallet or HSM. Double-check for typos or incorrect password versions.

Case Sensitivity
Passwords are case-sensitive. Ensure the correct capitalization is used when entering the password.

Wallet/HSM Corruption
In rare cases, the wallet or HSM metadata might be corrupted, leading to password verification failures.

Solutions


1. Verify and Re-enter Wallet/HSM Password (easy)

The most common cause is a simple typo or incorrect password entry.

   1. Identify the exact command or operation that is failing with ORA-28391. This might be an attempt to open a wallet, close a wallet, or perform an operation that requires access to the wallet or HSM.
   2. Carefully re-enter the password for the Oracle Wallet or HSM. Pay close attention to case sensitivity, special characters, and any leading or trailing spaces. If prompted, try entering the password multiple times to rule out a transient input issue.
   3. If the password is being provided via a configuration file or script, ensure the password stored there is accurate and hasn't been accidentally modified.
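
The checks in steps 2 and 3, as an added example (not from Oracle or the original page): a Python helper that inspects a password read from a script or configuration file for invisible characters and classifies why it differs from the typed one, without ever printing the secret. The function names and sample values are constructed for illustration.

```python
import hmac
import unicodedata


def hidden_char_findings(secret: str) -> list[str]:
    """Describe invisible or easily mistyped characters; never echoes the secret."""
    findings = []
    if secret.endswith(("\n", "\r")):
        findings.append("trailing line ending (CR/LF)")
    body = secret.rstrip("\r\n")
    if body != body.strip(" \t"):
        findings.append("leading or trailing space/tab")
    if len(body) >= 2 and body[0] == body[-1] and body[0] in "'\"":
        findings.append("wrapped in quote characters")
    for pos, ch in enumerate(body):
        if unicodedata.category(ch) in ("Cc", "Cf"):
            # Control/format characters (tab, zero-width space, BOM) are safe to name.
            findings.append(f"control/format character U+{ord(ch):04X} at index {pos}")
        elif ord(ch) > 127:
            # Report only the position, so no real password character is disclosed.
            findings.append(f"non-ASCII character at index {pos}")
    return findings


def classify_mismatch(stored: str, typed: str) -> str:
    """Explain why two copies of a password differ, using constant-time compares."""
    def same(a: str, b: str) -> bool:
        return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

    if same(stored, typed):
        return "match"
    if same(stored.strip(), typed.strip()):
        return "whitespace-only difference"
    # Compared after trimming, so this also covers case plus whitespace.
    if same(stored.strip().casefold(), typed.strip().casefold()):
        return "case difference"
    return "different"


if __name__ == "__main__":
    # Constructed sample: a value as it might be read from a script saved with CRLF.
    stored = "Wallet#Pass1 \r\n"
    typed = "Wallet#Pass1"
    for finding in hidden_char_findings(stored):
        print("stored copy:", finding)
    print("comparison:", classify_mismatch(stored, typed))
```
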

2. Resetting the Oracle Wallet Password (medium)

If the password is forgotten or suspected to be corrupted, resetting it is the next step.

   1. Locate your Oracle Wallet directory. This is usually specified by the `WALLET_LOCATION` parameter in `sqlnet.ora` or environment variables.
   2. Open a terminal or command prompt and navigate to the Oracle home directory or a directory containing the `orapwd` utility.
   3. Use the `orapwd` utility to change the wallet password. You will need to provide the current password (if known, otherwise it will prompt for a new one and ask for confirmation) and the new password. Replace `[wallet_path]` with the actual path to your wallet and `[new_password]` with your desired new password.

      ```
      orapwd file=[wallet_path] password=[new_password]
      ```

   4. After successfully changing the password, attempt the operation that previously failed. You will now be prompted for the new password.

3. Troubleshooting HSM Connectivity and Credentials (advanced)

If using an HSM, the issue might be with the HSM client or the credentials used to access it.

   1. Verify that the HSM client software is correctly installed and configured on the Oracle database server. Check the HSM vendor's documentation for specific installation and configuration steps.
   2. Ensure that the Oracle database process has the necessary permissions to access the HSM client and its configuration files.
   3. Check the HSM client's configuration for the correct IP address/hostname and port of the HSM, as well as any authentication credentials (e.g., client certificates, shared secrets) required to connect to the HSM. These should match the HSM's configuration.
   4. Consult the HSM vendor's documentation and support for specific tools or commands to test HSM connectivity and verify the credentials used by the Oracle database. This might involve using a vendor-provided utility to log in to the HSM and confirm the password or key used by Oracle.

4. Reviewing `sqlnet.ora` and Environment Variables (medium)

Incorrect configuration in `sqlnet.ora` or environment variables can lead to password issues.

   1. Locate the `sqlnet.ora` file in your Oracle Net Services configuration directory (e.g., `$ORACLE_HOME/network/admin` or `~/sqlnet2/admin`).
   2. Examine the `sqlnet.ora` file for parameters related to wallet or HSM usage, such as `ENCRYPTION_WALLET`, `WALLET_LOCATION`, and any HSM-specific parameters. Ensure these are correctly set.

      ```
      ENCRYPTION_WALLET = (DIRECTORY=/path/to/your/wallet)
      ```

   3. If you are using environment variables to specify the wallet location or password, verify that these variables are set correctly in the shell environment where the Oracle database is running.

      ```
      export WALLET_LOCATION=/path/to/your/wallet
      ```

   4. If the password is being provided through a password file (`cwallet.sso`), ensure its integrity and that the password used to create it matches what's expected. Consider recreating the password file if corruption is suspected.