Either remove them by hand from the database, or properly revoke them using 'openssl ca -revoke xyz.crt'.

Why it fails with MySQL example, though, escapes me.

When I do official Howto way, I receive error:

rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out c:\PROGRA~2\OpenVPN\easy-rsa\keys\client1.crt -in c:\PROGRA~2\OpenVPN\easy-rsa\key \client1.csr -config
failed to update database
TXT_DB error number 2

If you wish to be able to insert duplicate subject keys into the database then the change shown below will allow this.

/etc/certauth/hacking/database/index.txt.attr
unique_subject =

Contributor QueuingKoala commented Sep 24, 2014: I'm closing this one out.

t123yh, September 30, 2015 at 12:37: Great.

In the documentation of the mysql v. 4.0.10 there is written a procedure for building up the mysql with the support from openssl and also about setting up SSL certificates for MySQL:

DIR=`pwd`/openssl

https://rt.openssl.org/Ticket/Display.html?id=502&user=guest&pass=guest

There are multiple solutions to this, as documented in the comment of the blog post I found.

Three bat scripts create something in index.txt that generates errors. Pekster or ecrist can have a look...

Certificate is to be certified until Oct 5 21:19:18 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

To solve this I must do

You'll need to revoke that first.

asked Feb 29 '12 at 9:40, leszek.hanusz

(Based on Nilesh's

If anyone came here looking for help when they screwed up their revocation using OpenVPN's tool (like me), then you can copy the "revoke-full" script and make a change to it.

I understand it's not good method - I cannot what problems I do by this then write this case.

comment:6 Changed 20 months ago by samuli: Resolution set to wontfix. Status changed from assigned to closed. easy-rsa 2.x is effectively unmaintained -> closing as "wontfix".

Unfortunately this also prevents the issuing of a new certificate before the existing certificate has expired which is often required so that a seamless transition can be effected between one certificate

http://openssl.6102.n7.nabble.com/failed-to-update-database-TXT-DB-error-number-2-td6470.html

But the real solution is to revoke expired certificate, and then to sign a new one (note that you don't have to generate another CSR):

ca -config openssl.cnf -revoke oldcert.crt -keyfile

Please consider documentation for details.

> Where did you get the constant DB_ERROR_INDEX_CLASH from ?

./crypto/txt_db/txt_db.h

OpenSSL Project http://www.openssl.org, User Support Mailing List

vikas027, March 6, 2016 at 15:38: I just manually deleted the entry from the index.txt file and it worked for me.

Additional materials you'll find on my homepage.

For easy-rsa users it is: /etc/openvpn/easy-rsa/revoke-full /etc/openvpn/easy-rsa/01.pem and the list of all signed certificates with their index can be found in /etc/openvpn/easy-rsa/keys/index.txt –Thassilo Feb 17 '16 at 13:13

@Thassilo

List: openssl-users
Subject: Re: failed to update database : TXT_DB error number

Once you do that, you should find signing a request generated in the same PKI as your CA works.

Unfortunately you need a certificate present to revoke it.

If you have published the original certificate, revoking the old one is however the preferable solution, even if you don't run an OCSP server or provide CRLs.

Please add any information/warning to the README.txt file for new people who will try to generate certs from this README.txt file and will use the same CN and other entries.

Detecting this situation ahead-of-time would require parsing the index.txt DB, and would need to include a way to disable the in-script check when intentionally duplicating CNs. Thought of something like that.

See the following for details: http://www.mad-hacking.net/documentation/linux/security/ssl-tls/revoking-certificate.xml

answered Mar 1 '12 at 13:31, Nilesh

Some more details (assuming

answered Feb 25 '13 at 7:11, Tobias Kienzler

Great answer!

How to revoke an openssl certificate when you don't have the certificate

I made an

Many people should see this error, because we frequently rotate SSL certificates with new ones for additional security ;)

You may then discover the fix is to set 'unique_subject = no'

Perhaps it should be a full answer. –Michael Hampton Feb 24 '13 at 20:16

@MichaelHampton Glad to hear, I reposted it –Tobias Kienzler Feb 25 '13 at 7:12

lisa hacking # openssl x509 -in certificates/mail.cert.pem -noout -text

Did you solve your problem in the meantime?

Cheers, Kuba

Thu Jul 03 20:57:28 2003, Richard Levitte - Correspondence added

[jaenicke - Thu Mar 27 23:28:28 2003]:
> TXT_DB error number 2 is a

Worked

ieio, May 27, 2016 at 11:38: In case you need to sign two certificate with the same CM you can modify your database attr with unique_subject = no

Manoj March

regards K.

Here are the steps I followed: (all variables were properly defined and all commands were executed as root)

./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa gen-req $HOSTNAME nopass
./easyrsa sign-req server $HOSTNAME

I have edited the ca.db.index file and removed the entry for this domain, now it works :-)

Where did you get the constant DB_ERROR_INDEX_CLASH from ?

-- Thomas Carrié http://thocar.org http://www.gnu.org/philosophy/use-free-software.fr.html http://www.lebars.org/sec/tcpa-faq.fr.html http://aful.org/publi/articles/gilmore-copy-protection.html

Best Regards
Marcin Przysowa

Attachments (1): bug_gen_cert.txt (4.8 KB) - added by SiB 4 years ago. my todo to show the error.

This certificate was deleted and I don't have it anymore.

I have read the man page about the "openssl ca" command (http://www.openssl.org/docs/apps/ca.html) there isn't any info about error this unclear error message number 2.