zeldor.biz

Linux, programming and more


TXT_DB error number 2 failed to update database

November 13, 2013 by Igor Drobot 17 Comments

While signing a certificate for a new OpenVPN user, I received the following error message, which stops the whole process (exit code 1):

Certificate is to be certified until Nov 6 08:53:05 2023 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

Problem:
This happens because you have generated your own self-signed certificate with the same CN (Common Name) as the CA certificate that you generated before.

Enter another Common Name.
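
A pre-signing check for the clash described above, as an added example (not code from the original post): it reads the CA's index.txt and lists the valid entries that already use a given Common Name. The function names and the sample entries are constructed; the script assumes the standard tab-separated index.txt layout and, as a simplification, matches only the CN component of the subject.

```shell
#!/bin/sh
# index.txt is tab-separated: status, expiry, revocation date, serial,
# filename, subject. Status is V (valid), R (revoked) or E (expired).

# find_cn_clash INDEX_FILE COMMON_NAME
# Prints "serial<TAB>expiry<TAB>subject" for every V entry carrying that CN.
# Exit status 0: the CN is taken (signing would fail); 1: the CN is free.
find_cn_clash() {
    # The CN is passed through the environment so awk does not
    # interpret backslashes in it, as it would with -v.
    WANT_CN=$2 awk -F '\t' '
        $1 == "V" {
            # Split a subject such as /C=DE/O=Example/CN=client1 into parts.
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == "CN=" ENVIRON["WANT_CN"]) {
                    print $4 "\t" $2 "\t" $6
                    found = 1
                }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample database (not taken from a real CA): one server,
# one revoked client and one valid client.
make_sample_index() {
    printf 'V\t231106085305Z\t\t01\tunknown\t/C=DE/O=Example/CN=server\n'
    printf 'R\t231106090000Z\t131120135700Z\t02\tunknown\t/C=DE/O=Example/CN=client1\n'
    printf 'V\t231106091500Z\t\t03\tunknown\t/C=DE/O=Example/CN=client2\n'
}

# Demo: check a few names against the sample database.
idx=$(mktemp)
make_sample_index > "$idx"
for cn in server client1 client2 client3; do
    if find_cn_clash "$idx" "$cn" > /dev/null; then
        echo "$cn: already has a valid entry, revoke it or pick another CN"
    else
        echo "$cn: free to sign"
    fi
done
rm -f "$idx"
```

The revoked client1 entry is reported as free, because only entries still marked V count towards the uniqueness check.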


Comments

  1. lukpecyn says

    November 20, 2019 at 13:57

    The simple way is just to revoke the old certificate and then sign a new certificate.

  2. John Doe says

    June 20, 2019 at 04:05

    Thanks, changing ‘unique_subject = no’ in index.txt.attr fixed the issue for me.

  3. jesvilnie says

    May 24, 2019 at 12:57

    You can also edit the file “index.txt.attr” and set “unique_subject” to “no”. Then you’d get duplicated CNs in your DB, but it’s useful when you want to renew a certificate =).

  4. Ercy says

    March 22, 2019 at 20:34

    Thanks!

    The comments help too

  5. Jose says

    July 3, 2018 at 16:24

    Still helping people as of this morning, thanks ;)

  6. adebayo says

    March 20, 2018 at 19:45

    thanks mate

  7. derek says

    February 5, 2018 at 22:38

    Thanks for that follow up Der Osterhase.

  8. Der Osterhase says

    October 18, 2017 at 15:43

    Although this is an older article, I came here via Google. The suggestions are more or less incomplete.

    In your index.txt every cert you generated is listed. As long as a valid (not expired) cert with the same DN is already available, you cannot create a new one with the same DN. There are multiple solutions:

    1) Set unique_subject = no in index.txt.attr so you are allowed to generate as many certs with the same DN as you want. This is a bad solution since the D in DN means “distinguished”. If you generate multiple certs with the same DN, you can no longer easily distinguish them.

    2) Delete the entry from the index. OpenSSL no longer has knowledge of the already existing cert and will generate a new one. This is a quick and very dirty solution since the formerly generated cert is still valid and can be used. Same problem as in 1).

    3) Revoke the already existing cert: openssl ca -revoke . The index.txt will be changed and the cert is marked as revoked/invalid. Now you can generate a new one with the same DN.

  9. Thomas says

    October 16, 2017 at 22:03

    Nice, Thank you.

  10. amin says

    March 11, 2017 at 07:54

    THANKS. WORKED. :)

  11. nimarus says

    March 2, 2017 at 08:49

    Yup, also worked for me, thanks!

  12. Yonni says

    June 29, 2016 at 08:57

    Thanks! Worked

  13. ieio says

    May 27, 2016 at 11:38

    In case you need to sign two certificates with the same CN, you can modify your database attr with unique_subject = no

  14. Manoj says

    March 28, 2016 at 14:33

    Works for me!!

  15. vikas027 says

    March 6, 2016 at 15:38

    I just manually deleted the entry from the index.txt file and it worked for me.

  16. t123yh says

    September 30, 2015 at 12:37

    Great.

  17. sham says

    March 9, 2014 at 17:05

    Solved my issue.
