openssl ca: failed to update database, TXT_DB error number 2


I wanted to renew an SSL certificate with openssl signed by our internal CA but got the TXT_DB error number 2.

Fortunately I found the solution on a micro how-to at pyro.eu.org (found by Google).

$ openssl ca ...
failed to update database
TXT_DB error number 2

You may see this when trying to generate a new SSL certificate, but the same
DN (the common name, etc.) was used before (and recorded in index.txt).

Many people should see this error, because we frequently rotate SSL certificates
with new ones for additional security ;)

You may then discover the fix is to set 'unique_subject = no' in openssl.cnf,
but find that it still doesn't work.

This is because when initialising the CA, the setting was duplicated into
index.txt.attr to confuse you.

Thanks for it 🙂
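The two-file fix described above, as an added shell example (this is not code from the original post or from the pyro.eu.org how-to): it rewrites unique_subject in both openssl.cnf and index.txt.attr, reports which copy is actually in effect (index.txt.attr takes precedence over openssl.cnf when present), and lists the existing index.txt entries for the subject about to be re-issued, so you can see the still-valid older certificate and decide whether it should be revoked after the renewal. The CA directory layout (openssl.cnf, index.txt and index.txt.attr in one directory) and the sample index.txt lines are constructed assumptions for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post or the pyro.eu.org how-to.
# Assumed CA layout: $CA_DIR/openssl.cnf, $CA_DIR/index.txt, $CA_DIR/index.txt.attr
set -eu

# Rewrite (or, for index.txt.attr, append) "unique_subject = no" in both files.
fix_ca_unique_subject() {
    ca_dir="$1"
    cnf="$ca_dir/openssl.cnf"
    attr="$ca_dir/index.txt.attr"
    # openssl.cnf: only rewrite an existing line in place; appending blindly
    # would put the setting in whatever section happens to be last.
    if grep -q '^[[:space:]]*unique_subject' "$cnf"; then
        sed 's/^\([[:space:]]*unique_subject[[:space:]]*=\).*/\1 no/' "$cnf" > "$cnf.tmp" \
            && mv "$cnf.tmp" "$cnf"
    fi
    # index.txt.attr: this copy is the one openssl ca honours, so fix it too.
    if [ -f "$attr" ] && grep -q '^[[:space:]]*unique_subject' "$attr"; then
        sed 's/^\([[:space:]]*unique_subject[[:space:]]*=\).*/\1 no/' "$attr" > "$attr.tmp" \
            && mv "$attr.tmp" "$attr"
    else
        printf 'unique_subject = no\n' >> "$attr"
    fi
}

# Print the unique_subject value the CA will actually use:
# index.txt.attr first, then openssl.cnf, else OpenSSL's default of "yes".
effective_unique_subject() {
    ca_dir="$1"
    for f in "$ca_dir/index.txt.attr" "$ca_dir/openssl.cnf"; do
        v=$(sed -n 's/^[[:space:]]*unique_subject[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$f" 2>/dev/null | head -n 1)
        if [ -n "$v" ]; then
            echo "$v"
            return 0
        fi
    done
    echo yes
}

# List index.txt entries whose DN matches, as "status serial expiry".
# index.txt columns (tab separated): status, expiry, revocation date, serial, file, DN
index_entries_for_dn() {
    ca_dir="$1"
    dn="$2"
    awk -F'\t' -v dn="$dn" '$6 == dn { printf "%s %s %s\n", $1, $4, $2 }' "$ca_dir/index.txt"
}

# --- Constructed demo CA directory (sample data, not a real CA) ---
demo_ca=$(mktemp -d)
printf '[ CA_default ]\ndir = %s\nunique_subject = yes\n' "$demo_ca" > "$demo_ca/openssl.cnf"
printf 'unique_subject = yes\n' > "$demo_ca/index.txt.attr"
# One valid entry for the CN being renewed, one revoked entry for another host.
printf 'V\t250101000000Z\t\t01\tunknown\t/CN=intranet.example.test\n' > "$demo_ca/index.txt"
printf 'R\t250101000000Z\t240601000000Z\t02\tunknown\t/CN=old.example.test\n' >> "$demo_ca/index.txt"

echo "before: unique_subject=$(effective_unique_subject "$demo_ca")"
echo "existing index.txt entries for /CN=intranet.example.test:"
index_entries_for_dn "$demo_ca" "/CN=intranet.example.test"
fix_ca_unique_subject "$demo_ca"
echo "after:  unique_subject=$(effective_unique_subject "$demo_ca")"
rm -rf "$demo_ca"
```

Run it against your real CA directory by calling fix_ca_unique_subject with that path instead of the constructed demo directory; the "V" entry that index_entries_for_dn prints is the certificate that triggered TXT_DB error number 2, and it stays valid until revoked, so renewing is not the same as retiring it.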
