OpenSSL "ca" Error "failed to update database TXT_DB error number 2"
Why am I getting the "failed to update database TXT_DB error number 2" error when running the OpenSSL "ca" command?
✍: FYIcenter.com
If you are using the OpenSSL "ca" command to sign a CSR that has the same DN (Distinguished Name) fields as an old CSR you have signed before, you will get the "failed to update database TXT_DB error number 2" error as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

OpenSSL> req -in rsa_test.csr -subject -noout
subject= /C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc
   /emailAddress=john@donald.inc

OpenSSL> x509 -in demoCA\newcerts\1001.pem -subject -noout
subject= /C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc
   /emailAddress=john@donald.inc

OpenSSL> ca -in rsa_test.csr -keyfile my_ca.key -cert my_ca.crt -policy policy_anything -out test.crt
Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg
Enter pass phrase for my_ca.key:fyicenter
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4098 (0x1002)
        Validity
            Not Before: Jul 31 23:56:11 2016 GMT
            Not After : Jul 31 23:56:11 2017 GMT
        Subject:
            countryName = us
            stateOrProvinceName = NY
            localityName = New York
            organizationName = Donald Inc.
            organizationalUnitName = IT
            commonName = www.donald.inc
            emailAddress = john@donald.inc
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
            X509v3 Authority Key Identifier:
                keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF

Certificate is to be certified until Jul 31 23:56:11 2017 GMT (365 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
error in ca
The output of the "req" and "x509" commands shows that the CSR, rsa_test.csr, has the same DN fields (the subject of the CSR) as an old certificate, .\demoCA\newcerts\1001.pem, signed previously: "/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc/emailAddress=john@donald.inc".
The output of the "ca" command shows the error "failed to update database TXT_DB error number 2". This is because the OpenSSL "ca" command maintains a certificate database in which each subject value (the DN fields) must be unique.
In other words, you cannot sign the same CSR twice with the OpenSSL "ca" command.
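The uniqueness check described above can be run against the CA database before calling "ca". This is an added example, not code from the original page or from OpenSSL. It assumes the database is the tab-separated index.txt file that "ca" writes, that the default unique_subject = yes setting is in effect, and that only entries with status V count toward the subject check. The function names, the second subject and all sample rows are constructed for illustration.

```python
"""Pre-check an OpenSSL "ca" index.txt for entries that would clash with a new certificate."""
from typing import NamedTuple

class Entry(NamedTuple):
    status: str    # V = valid, R = revoked, E = expired
    expires: str   # YYMMDDHHMMSSZ
    revoked: str   # empty unless the entry is revoked
    serial: str    # hexadecimal serial number
    filename: str  # normally "unknown"
    subject: str   # one-line DN, e.g. /C=us/.../CN=www.donald.inc

def parse_index(text):
    """Parse index.txt content into Entry records; reject malformed rows."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 tab-separated fields, got {len(fields)}")
        entries.append(Entry(*fields))
    return entries

def find_clashes(entries, subject, serial_hex):
    """Return (kind, entry) pairs that would make "ca" fail with TXT_DB error number 2."""
    want = int(serial_hex, 16)
    clashes = []
    for e in entries:
        # Assumption: with unique_subject = yes, only valid (V) entries block a subject.
        if e.status == "V" and e.subject == subject:
            clashes.append(("subject", e))
        # Serial numbers must be unique across every entry, whatever its status.
        if int(e.serial, 16) == want:
            clashes.append(("serial", e))
    return clashes

# Constructed sample data: the subject is the one shown on this page, dates are invented.
SUBJECT = "/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc/emailAddress=john@donald.inc"
REVOKED_SUBJECT = "/C=us/O=Example Org/CN=old.example.test"
SAMPLE_INDEX = (
    "R\t170601000000Z\t160701000000Z\t1000\tunknown\t" + REVOKED_SUBJECT + "\n"
    "V\t170731235611Z\t\t1001\tunknown\t" + SUBJECT + "\n"
)

if __name__ == "__main__":
    for kind, entry in find_clashes(parse_index(SAMPLE_INDEX), SUBJECT, "1002"):
        print(f"{kind} clash with serial {entry.serial} (status {entry.status})")
```

On the sample rows the new request clashes with serial 1001 because that entry is still valid, while the revoked subject under serial 1000 reports no clash.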
2016-09-13