Failed To Update Database Txt_db Error Number 2
Contents |
21:14 Tags: OpenVPN, Roadwarrior. While signing a certificate for a new OpenVPN user, I received the following error message which stops the whole process (exit code openssl failed to update database txt_db error number 2 1) Certificate is to be certified until Nov 6 08:53:05 2023 GMT failed to update database txt_db error number 2 openvpn (3650 days) Sign the certificate? [y/n]:y failed to update database TXT_DB error number 2 Problem: Because you have generated what is my ip your own self signed certificate with the same CN (Common Name) information that the CA certificate that you've generated before. Enter another Common Name. 6 Responses to "TXT_DB error number 2
Failed To Update Database Txt Db Error Number 2 Openvpn
failed to update database" Feed for this Entry Trackback Address Yonni June 29, 2016 at 08:57 Thanks! Worked ieio May 27, 2016 at 11:38 In case you need to sign two certificate with the same CM you can modify your database attr with unique_subject = no Manoj March 28, 2016 at 14:33 Work for me!! vikas027 March 6, 2016 at 15:38 I just failed to update databasetxt db error number 2 manually deleted the entry from the index.txt file and it worked for me. t123yh September 30, 2015 at 12:37 Great. sham March 9, 2014 at 17:05 Solved my issue. « Upgrading Fedora to Schrodinger’s Cat v.19 Remote Mirroring with nc and dd » Leave a Reply Cancel Reply Name (required) Mail (will not be published) (required) Website « Upgrading Fedora to Schrodinger’s Cat v.19 Remote Mirroring with nc and dd » Search Search for: Categories Apple Bash Books Cisco Debian DIY FTP Fun HTTP IPv6 Kernel Linux Mac OS X Macroeconomic Mailing Mobile Monitoring MySQL Networking Nmap OpenVPN Programming Python Ruby Tcpdump Ubuntu Virtualization Windows Archives July 2015 December 2014 July 2014 March 2014 January 2014 December 2013 November 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 May 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010
for all inquiries relating to the installation of OpenVPN from source and with binaries. Forum rules Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any openssl delete certificate from database questions in here! Post Reply Print view 3 posts • Page 1
Openssl Unique_subject
of 1 wyoelect OpenVpn Newbie Posts: 4 Joined: Thu Jan 20, 2011 6:22 pm [SOLVED] "TXT_DB error number 2"
Openssl Database
on build-key.bat Quote Postby wyoelect » Fri Jan 21, 2011 2:55 pm Everything builds fine until we hit the client cert. build. Signatures match...and I've tried adding/removing/changing various values with http://zeldor.biz/2013/11/txt_db-error-number-2-failed-to-update-database/ no luck. The client name is a solid alpha string (no dashes, spaces or underscores).Has anyone seen this pesky critter? Running 2.1.3 on Server 2000...... The return is:Check that the request matches the signatureSignature okThe Subject's Distinguished Name is as followscountryName :PRINTABLE:'US'stateOrProvinceName :PRINTABLE:'**'localityName :PRINTABLE:'**'organizationName :PRINTABLE:'**'commonName :PRINTABLE:'**'emailAddress :IA5STRING:'**'Certificate is to be certified until Jan 18 14:37:53 2021 GMT (3650 days)Sign the certificate? https://forums.openvpn.net/viewtopic.php?t=7551 [y/n]:yfailed to update databaseTXT_DB error number 2Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old** = commented out local values Top gladiatr72 Forum Team Posts: 194 Joined: Mon Dec 13, 2010 3:51 pm Location: Lawrence, KS Re: "TXT_DB error number 2" on build-key.bat client cert Quote Postby gladiatr72 » Fri Jan 21, 2011 3:18 pm Hello,The TXT_DB error indicates some kind of duplication in index.txt. If this is your first certificate, index.txt should be empty (I'm assuming this to be so because of the warning indicating index.txt.old doesn't exist). -Stephen [..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole Top wyoelect OpenVpn Newbie Posts: 4 Joined: Thu Jan 20, 2011 6:22 pm Re: "TXT_DB error number 2" on build-key.bat client cert Quote Postby wyoelect » Fri Jan 21, 2011 3:26 pm Thanks Stephen...that was it. There was existing data in that index.txt file. Looks like we are on to the next part of the adventure.Scott Top Displ
Carrié Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ failed to http://openssl.6102.n7.nabble.com/failed-to-update-database-TXT-DB-error-number-2-td6470.html update database : TXT_DB error number 2 Hello, I'm running this command http://www.mad-hacking.net/documentation/linux/security/ssl-tls/signing-csr.xml : $ openssl ca -config ca.config -out foo.crt -infiles foo.csr it outputs .... Certificate is to be certified until Jun 24 11:47:42 2007 GMT (365 days) Sign the certificate? [y/n]:y failed to update database TXT_DB error number 2 It seems that my db is corrupted, where can failed to I get error message explanation ? I have read the man page about the "openssl ca" command (http://www.openssl.org/docs/apps/ca.html) there isn't any info about error this unclear error message number 2. Any one know if there is a page that give minimal info about openssl error message ? -- Thomas Carrié ______________________________________________________________________ OpenSSL Project failed to update http://www.openssl.orgUser Support Mailing List [hidden email] Automated List Manager [hidden email] K. Hoercher Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: failed to update database : TXT_DB error number 2 On 6/24/06, Thomas Carrié <[hidden email]> wrote: > Hello, > > I'm running this command : > > $ openssl ca -config ca.config -out foo.crt -infiles foo.csr > > it outputs > > .... > Certificate is to be certified until Jun 24 11:47:42 2007 GMT (365 days) > Sign the certificate? [y/n]:y > failed to update database > TXT_DB error number 2 seems to be DB_ERROR_INDEX_CLASH Probably there's already an entry for your foo.csr (and no no_unique_subject). regards K. Hoercher ______________________________________________________________________ OpenSSL Project http://www.open
Request (CSR)Signing the request Once we have generated some Certificate Signing Requests we can move on to the next step which is to turn those CSRs into signed certificates. The example below continues from the request example in the previous section by signing the CSR we generated for our mail server. lisa ~ # cd /etc/certauth/hackinglisa hacking # openssl ca -in requests/mail.request.pem -out certificates/mail.cert.pemUsing configuration from /etc/ssl/openssl.cnf Enter pass phrase for /etc/certauth/hacking/private/cakey.pem: Check that the request matches the signature Signature OK Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Apr 10 10:55:04 2008 GMT Not After : Apr 10 10:55:04 2009 GMT Subject: countryName = GB stateOrProvinceName = Cambridgeshire organizationName = Hacking Networked Solutions organizationalUnitName = Mail Server commonName = mail.hacking.co.uk emailAddress = spamcatcher@hacking.co.uk X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: A5:A4:6F:AD:20:B2:AE:76:71:03:10:B3:DA:A0:CB:A0:0B:2B:48:4C X509v3 Authority Key Identifier: keyid:22:75:75:B7:70:D9:AA:4C:6D:59:D5:37:F8:82:63:24:F7:20:E3:9F X509v3 CRL Distribution Points: URI:http://www.hacking.co.uk/ca/crl.pem X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement Netscape Cert Type: SSL Client, SSL Server, S/MIME, Object Signing Certificate is to be certified until Apr 10 10:55:04 2009 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n] Write out database with 1 new entries Data Base Updated As you can see from the above example the certificate signing process is extremely simple. The openssl application first requests the password for the CA certificate's private key file. Assuming the password is entered correctly the request will be checked against the CA policy settings and, if it passes those checks, will be displayed so that the subject and extensions can be verified before signing the CSR. Once the CSR has been certified the resulting certificate is committed to the CA database. Allowing non-unique subjects By default the openssl database configuration disallows duplicate subject entries. This is to ensure that no certificates are issued more than once with t