Openssl Failed To Update Database Txt Db Error Number
Contents |
21:14 Tags: OpenVPN, Roadwarrior. While signing a certificate for a new OpenVPN user, I received the following error message which stops the whole process (exit code 1) Certificate is to failed to update database txt_db error number 2 openvpn be certified until Nov 6 08:53:05 2023 GMT (3650 days) Sign the certificate?
Failed To Update Database Txt_db Error Number 2 Openssl
[y/n]:y failed to update database TXT_DB error number 2 Problem: Because you have generated your own self signed certificate with the
Openssl Revoke
same CN (Common Name) information that the CA certificate that you've generated before. Enter another Common Name. 6 Responses to "TXT_DB error number 2 failed to update database" Feed for this Entry Trackback
Openssl Unique_subject
Address Yonni June 29, 2016 at 08:57 Thanks! Worked ieio May 27, 2016 at 11:38 In case you need to sign two certificate with the same CM you can modify your database attr with unique_subject = no Manoj March 28, 2016 at 14:33 Work for me!! vikas027 March 6, 2016 at 15:38 I just manually deleted the entry from the index.txt file and it worked for me. unique_subject = no t123yh September 30, 2015 at 12:37 Great. sham March 9, 2014 at 17:05 Solved my issue. « Upgrading Fedora to Schrodinger’s Cat v.19 Remote Mirroring with nc and dd » Leave a Reply Cancel Reply Name (required) Mail (will not be published) (required) Website « Upgrading Fedora to Schrodinger’s Cat v.19 Remote Mirroring with nc and dd » Search Search for: Categories Apple Bash Books Cisco Debian DIY FTP Fun HTTP IPv6 Kernel Linux Mac OS X Macroeconomic Mailing Mobile Monitoring MySQL Networking Nmap OpenVPN Programming Python Ruby Tcpdump Ubuntu Virtualization Windows Archives July 2015 December 2014 July 2014 March 2014 January 2014 December 2013 November 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 May 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 Tagsapache2 Apple arduino backup bash Cisco dd Debian Debian squeeze DIY Exim4 Fedora FTP Fun GIT Icinga IMAP Ip
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the openssl database company Business Learn more about hiring developers or posting ads with us Stack Overflow unique_subject = no openssl Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 6.2 easy-rsa revoke certificate million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up How to revoke an openssl certificate when you don't have the certificate up vote 32 down vote favorite 10 I http://zeldor.biz/2013/11/txt_db-error-number-2-failed-to-update-database/ made an openssl certificate signed by the CA created on the local machine. This certificate was deleted and I don't have it anymore. It is impossible to create another certificate with the same commonName because openssl doesn't allow it and will generate the error: failed to update database TXT_DB error number 2 How can I revoke the certificate to create another one with the same commonName ? openssl certificate-revocation share|improve this question asked http://stackoverflow.com/questions/9496698/how-to-revoke-an-openssl-certificate-when-you-dont-have-the-certificate Feb 29 '12 at 9:40 leszek.hanusz 2,45311733 add a comment| 2 Answers 2 active oldest votes up vote 46 down vote accepted (Based on Nilesh's answer) In the default configuration, openssl will keep copies of all signed certificates in /etc/ssl/newcerts, named by its index number. So grep /etc/ssl/index.txt to obtain the serial number of the key to be revoked, e.g. 1013, then execute the following command: openssl ca -revoke /etc/ssl/newcerts/1013.pem #replacing the serial number The -keyfile and -cert mentioned in Nilesh's answer are only required if that deviates from your openssl.cnf settings. Alternatively you can also change /etc/ssl/index.txt.attr to contain the line unique_subject = no to allow multiple certificates with the same common name. If you have published the original certificate, revoking the old one is however the preferable solution, even if you don't run an OSCP server or provide CRLs. share|improve this answer edited Aug 10 '15 at 15:36 vincentleest 418317 answered Feb 25 '13 at 7:11 Tobias Kienzler 7,1041055112 2 Great answer! Thanks a lot! For easy-rsa users it is: /etc/openvpn/easy-rsa/revoke-full /etc/openvpn/easy-rsa/01.pem and the list of all signed certificates with their index can be found in /etc/openvpn/easy-rsa/keys/index.txt –Thassilo Feb 17 at 13:13 @Thassilo Good to know, thanks to you as well (and a slightly late welcome to SO as well :) &n
messages Frank Garber Reply | Threaded Open this post in threaded view ♦ http://openssl.6102.n7.nabble.com/ca-client-failed-to-update-database-TXT-DB-error-number-2-td14304.html ♦ | Report Content as Inappropriate ♦ ♦ ca client - failed to update database, TXT_DB error number 2 Hi Jorge,I got considerably farther and http://www.linuxquestions.org/questions/linux-security-4/fyi-how-to-resolve-failed-to-update-database-txt_db-error-number-2-in-openssl-or-easyrsa-4175587435/ generated the server key, but am now having a problem with the client key. I'm getting this error: failed to update database TXT_DB error number failed to 2Any thoughts?The full script is below:C:\Program Files\OpenSSL>ca clientSimple CA utilityWritten by Artur Maj ([hidden email])Warning!The content of the C:\CA\temp\vnc_client directory will be removed.Press CTRL-C to break, or ENTER to continue...--------------------------------------------------------------------Step 1: Generate the keys and the certificate request--------------------------------------------------------------------Loading 'screen' into random state - doneGenerating a 1024 bit RSA private key..++++++..++++++writing failed to update new private key to 'C:\CA\temp\vnc_client\client.key'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:USState or Province Name (full name) [Some-State]:ConnecticutLocality Name (eg, city) []:BurlingtonOrganization Name (eg, company) [Internet Widgits Pty Ltd]:ProsoftOrganizational Unit Name (eg, section) []:DSCommon Name (eg, YOUR name) []:FrankEmail Address []:[hidden email]Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:Favorite woodAn optional company name []:--------------------------------------------------------------------Step 2: Sign the certificate--------------------------------------------------------------------Using configuration from C:\Progra~1\OpenSSL\openssl.confLoading 'screen' into random state - doneEnter pass phrase for C:\CA\private\CAkey.pem:DEBUG[load_index]: unique_subject = "yes"Check that the request matches the signatureSignature okThe Subject's Distinguished Name is as followscountryNam
HCL Search Reviews Search ISOs Go to Page... LinuxQuestions.org > Forums > Linux Forums > Linux - Security [SOLVED] FYI: how to resolve "failed to update database: txt_db error number 2" in OpenSSL or EasyRSA User Name Remember Me? Password Linux - Security This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here. Notices Welcome to LinuxQuestions.org, a friendly and active Linux Community. You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today! Note that registered members see fewer ads, and ContentLink is completely disabled once you log in. Are you new to LinuxQuestions.org? Visit the following links: Site Howto | Site FAQ | Sitemap | Register Now If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here. Having a problem logging in? Please visit this page to clear all LQ-related cookies. Introduction to Linux - A Hands on Guide This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter. For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own. Click Here to receive this Complete Guide absolutely free. Search this Thread 08-19-2016, 10:00 AM #1 sundialsvcs LQ Guru Registered: Feb 2004 L