OpenSSL "ca" Error "failed to update database TXT_DB error number 2"
Why am I getting the "failed to update database TXT_DB error number 2" error when running the OpenSSL "ca" command?
If you are using the OpenSSL "ca" command to sign a CSR that has the same DN (Distinguished Name) fields as an old CSR you have signed before, you will get the "failed to update database TXT_DB error number 2" error as shown below:
    C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

    OpenSSL> req -in rsa_test.csr -subject -noout
    subject= /C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc/emailAddress=email@example.com

    OpenSSL> x509 -in demoCA\newcerts\1001.pem -subject -noout
    subject= /C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc/emailAddress=firstname.lastname@example.org

    OpenSSL> ca -in rsa_test.csr -keyfile my_ca.key -cert my_ca.crt -policy policy_anything -out test.crt
    Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg
    Enter pass phrase for my_ca.key:fyicenter
    Check that the request matches the signature
    Signature ok
    Certificate Details:
        Serial Number: 4098 (0x1002)
        Validity
            Not Before: Jul 31 23:56:11 2016 GMT
            Not After : Jul 31 23:56:11 2017 GMT
        Subject:
            countryName = us
            stateOrProvinceName = NY
            localityName = New York
            organizationName = Donald Inc.
            organizationalUnitName = IT
            commonName = www.donald.inc
            emailAddress = email@example.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
            X509v3 Authority Key Identifier:
                keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF

    Certificate is to be certified until Jul 31 23:56:11 2017 GMT (365 days)
    Sign the certificate? [y/n]:y
    failed to update database
    TXT_DB error number 2
    error in ca
The output of the "req" and "x509" commands shows that the CSR, rsa_test.csr, has the same DN fields (the subject of the CSR) as an old certificate, .\demoCA\newcerts\1001.pem, signed previously: "/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc/emailAddress=firstname.lastname@example.org".
The output of the "ca" command shows the error "failed to update database TXT_DB error number 2". This is because OpenSSL "ca" maintains a certificate database in which each subject value (DN fields) must be unique.
In other words, you cannot sign the same CSR twice with the OpenSSL "ca" command.
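The check described above can be made before signing by reading the "ca" database file directly. The following is an added example, not code from the original page or from OpenSSL: it parses the tab-separated index.txt format and lists entries still marked valid (V) that carry the CSR's subject. The function names, the sample data, and the use of exact string comparison on the slash-separated DN are assumptions of this example; with the default configuration the file would be demoCA\index.txt.

```python
# Added example: look for a subject clash in an OpenSSL "ca" index.txt before signing.
from typing import List, NamedTuple


class Entry(NamedTuple):
    status: str   # V = valid, R = revoked, E = expired
    expires: str  # expiry time, YYMMDDHHMMSSZ
    revoked: str  # revocation time, empty unless status is R
    serial: str   # certificate serial number in hex
    subject: str  # subject DN in /C=.../CN=... form


def parse_index(text: str) -> List[Entry]:
    """Parse index.txt content: six tab-separated fields per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expires, revoked, serial, _filename, subject = fields
        entries.append(Entry(status, expires, revoked, serial, subject))
    return entries


def subject_clashes(entries: List[Entry], csr_subject: str) -> List[Entry]:
    """Return entries still marked valid whose subject equals the CSR subject."""
    wanted = csr_subject.strip()
    if wanted.startswith("subject="):  # accept the raw "req -subject" output line
        wanted = wanted[len("subject="):].strip()
    return [e for e in entries if e.status == "V" and e.subject == wanted]


# Constructed sample database: dates and serial 1000 are made up, and the
# emailAddress field of the page's DN is left out.
DN = "/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc"
SAMPLE_INDEX = (
    f"R\t160731000000Z\t160301000000Z\t1000\tunknown\t{DN}\n"
    f"V\t170731235611Z\t\t1001\tunknown\t{DN}\n"
)

if __name__ == "__main__":
    for e in subject_clashes(parse_index(SAMPLE_INDEX), "subject= " + DN):
        print(f"serial {e.serial} is still valid for this subject; "
              "signing again would hit the unique-subject check")
```

In the constructed sample, the revoked entry (serial 1000) is ignored and only the valid entry (serial 1001) is reported.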
2016-09-13, 10708👍, 0💬