Failed To Update Database Txt_db Error Number 2 Openssl Ca
While signing a certificate for a new OpenVPN user, I received the following error message, which stops the whole process (exit code 1):

    Certificate is to be certified until Nov 6 08:53:05 2023 GMT (3650 days)
    Sign the certificate? [y/n]:y
    failed to update database
    TXT_DB error number 2

Problem: You have generated your own self-signed certificate with the same CN (Common Name) information as the CA certificate that you generated before. Enter another Common Name.

6 Responses to "TXT_DB error number 2 failed to update database"

Yonni, June 29, 2016 at 08:57: Thanks! Worked

ieio, May 27, 2016 at 11:38: In case you need to sign two certificates with the same CM you can modify your database attr with unique_subject = no

Manoj, March 28, 2016 at 14:33: Work for me!!

vikas027, March 6, 2016 at 15:38: I just manually deleted the entry from the index.txt file and it worked for me.

t123yh, September 30, 2015 at 12:37: Great.

sham, March 9, 2014 at 17:05: Solved my issue.
How to revoke an openssl certificate when you don't have the certificate
http://stackoverflow.com/questions/9496698/how-to-revoke-an-openssl-certificate-when-you-dont-have-the-certificate

I made an openssl certificate signed by the CA created on the local machine. This certificate was deleted and I don't have it anymore. It is impossible to create another certificate with the same commonName because openssl doesn't allow it and will generate the error:

    failed to update database
    TXT_DB error number 2

How can I revoke the certificate to create another one with the same commonName?

Tags: openssl, certificate-revocation
asked Feb 29 '12 at 9:40 by leszek.hanusz

Accepted answer (answered Feb 25 '13 at 7:11 by Tobias Kienzler, edited Aug 10 '15 at 15:36 by vincentleest):

(Based on Nilesh's answer) In the default configuration, openssl will keep copies of all signed certificates in /etc/ssl/newcerts, named by its index number. So grep /etc/ssl/index.txt to obtain the serial number of the key to be revoked, e.g. 1013, then execute the following command:

    openssl ca -revoke /etc/ssl/newcerts/1013.pem #replacing the serial number

The -keyfile and -cert mentioned in Nilesh's answer are only required if that deviates from your openssl.cnf settings.

Alternatively you can also change /etc/ssl/index.txt.attr to contain the line

    unique_subject = no

to allow multiple certificates with the same common name. If you have published the original certificate, revoking the old one is however the preferable solution, even if you don't run an OCSP server or provide CRLs.

Comment: Great answer! Thanks a lot! For easy-rsa users it is: /etc/openvpn/easy-rsa/revoke-full /etc/openvpn/ea
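The lookup described in the accepted answer above, as an added example that is not part of the original answer: it reads index.txt field by field instead of using grep, matches on the full subject DN, and also checks index.txt.attr. The function names, the /C=DE/O=Example subjects and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): find the index.txt entry that
# makes `openssl ca` fail with "TXT_DB error number 2".
# index.txt fields are tab-separated:
#   status (V/R/E), expiry, revocation date, serial (hex), file name, subject DN

# Print the serial of every still-valid (V) entry whose subject DN equals $2.
# Revoked (R) entries are skipped: they no longer block a new certificate.
clashing_serials() {
    SUBJ="$2" awk -F '\t' '$1 == "V" && $6 == ENVIRON["SUBJ"] { print $4 }' "$1"
}

# Exit 0 when duplicate subjects are rejected, i.e. index.txt.attr ($1) does
# not contain "unique_subject = no". A missing attr file is treated as "yes".
unique_subject_enforced() {
    [ -f "$1" ] || return 0
    ! grep -Eq '^[[:space:]]*unique_subject[[:space:]]*=[[:space:]]*no' "$1"
}

# Constructed sample database: one valid and one revoked entry for client1.
make_sample_index() {
    {
        printf 'V\t231106085305Z\t\t1012\tunknown\t/C=DE/O=Example/CN=server\n'
        printf 'R\t231106085305Z\t131201101500Z\t1011\tunknown\t/C=DE/O=Example/CN=client1\n'
        printf 'V\t231106085305Z\t\t1013\tunknown\t/C=DE/O=Example/CN=client1\n'
    } > "$1"
}

# Demo: print (do not run) the revoke command for each clashing entry.
demo() {
    dir=$(mktemp -d)
    make_sample_index "$dir/index.txt"
    if unique_subject_enforced "$dir/index.txt.attr"; then
        for serial in $(clashing_serials "$dir/index.txt" '/C=DE/O=Example/CN=client1'); do
            echo "openssl ca -revoke /etc/ssl/newcerts/$serial.pem"
        done
    fi
    rm -rf "$dir"
}
demo
```

Against a real CA directory, pass the paths of its own index.txt and index.txt.attr and the subject exactly as it appears in the last column of index.txt.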
Carrié
failed to update database : TXT_DB error number 2
http://openssl.6102.n7.nabble.com/failed-to-update-database-TXT-DB-error-number-2-td6470.html

Hello,

I'm running this command :

    $ openssl ca -config ca.config -out foo.crt -infiles foo.csr

it outputs

    ....
    Certificate is to be certified until Jun 24 11:47:42 2007 GMT (365 days)
    Sign the certificate? [y/n]:y
    failed to update database
    TXT_DB error number 2

It seems that my db is corrupted, where can I get error message explanation ?
I have read the man page about the "openssl ca" command (http://www.openssl.org/docs/apps/ca.html) there isn't any info about this unclear error message number 2.
Anyone know if there is a page that gives minimal info about openssl error message ?

--
Thomas Carrié
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

K. Hoercher
Re: failed to update database : TXT_DB error number 2

On 6/24/06, Thomas Carrié <[hidden email]> wrote:
> Hello,
>
> I'm running this command :
>
> $ openssl ca -config ca.config -out foo.crt -infiles foo.csr
>
> it outputs
>
> ....
> Certificate is to be certified until Jun 24 11:47:42 2007 GMT (365 days)
> Sign the certificate? [y/n]:y
> failed to update database
> TXT_DB error number 2

seems to be DB_ERROR_INDEX_CLASH
Probably there's already an entry for your foo.csr (and no no_unique_subject).

regards
K. Hoercher

Thomas Carrié
Re: failed to update database : TXT_DB error number 2

On Saturday 24 June 2006 23:29, K. Hoercher wrote:
> seems to be DB_ERROR_INDEX_CLASH
> Probably there's already an entry for your foo.csr (and no
> no_unique_subject

You're right, there is an entry for this domain