-
thece
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jan 26, 2017 10:37 pm
[Solved] easy-rsa/build-key = TXT_DB error number 2
Hi all,
I'm trying to install OpenVPN server (2.4.0) on Windows Server 2008 R2.
Every time I submit the command "build-key" to make the client certificate I get the error "TXT_DB error number 2".
Can somebody help me?
This is what I did:
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>clean-all
1 file(s) copied.
1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>build-ca
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
.............................................+++
...........................................+++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
.........................................+++
........................................................+++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'changeme'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Jan 24 22:30:06 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa>build-key client
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
....................................................+++
.........................................................................................................................+++
writing new private key to 'keys\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'changeme'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Jan 24 22:30:25 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
C:\Program Files\OpenVPN\easy-rsa>
Thanks
-
thece
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jan 26, 2017 10:37 pm
Re: [build-key] TXT_DB error number 2
Post by thece » Fri Jan 27, 2017 10:20 am
Other details:
- all commands above are submitted as Administrator
- the only alteration in the vars.bat file, compared to the sample provided, is:
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: [build-key] TXT_DB error number 2
Post by TinCanTech » Fri Jan 27, 2017 12:48 pm
Common Name must be unique:
thece wrote:
C:\Program Files\OpenVPN\easy-rsa>build-key client
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
....................................................+++
.........................................................................................................................+++
writing new private key to 'keys\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]: Unique Common Name
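TinCanTech's point can be checked mechanically. OpenSSL's unique_subject check compares the whole one-line subject string that ends up in index.txt, not the Common Name alone, and in the log above every prompt for both the server and the client request was answered with the easy-rsa default (including Common Name = changeme), so both requests produced the identical string. The Python below is an added example, not code from the thread: it rebuilds that string from the "Subject's Distinguished Name" lines of the transcript (the attribute-name mapping covers only the attributes that occur in this log), and FIXED_CLIENT_OUTPUT is a constructed transcript showing what answering the CN prompt with "client" would have changed.

```python
"""Convert the "Subject's Distinguished Name" block that `openssl ca` prints
while signing into the one-line subject string it stores in index.txt
(the X509_NAME_oneline form, e.g. /C=US/ST=CA/.../CN=changeme), then compare
the server and client DNs from the log above. Added, constructed example; not
code from the forum thread."""
import re

# Long attribute names as printed by openssl ca, mapped to the short names used
# in the one-line form. Only the attributes that occur in the logs above are
# listed; an index.txt row quoted further down the page shows the same short names.
SHORT_NAMES = {
    "countryName": "C",
    "stateOrProvinceName": "ST",
    "localityName": "L",
    "organizationName": "O",
    "organizationalUnitName": "OU",
    "commonName": "CN",
    "name": "name",
    "emailAddress": "emailAddress",
}

# Matches e.g. "countryName :PRINTABLE:'US'" or "emailAddress :IA5STRING:'mail@host.domain'"
DN_LINE = re.compile(r"^(\w+)\s*:[^:]+:'(.*)'$")


def dn_from_ca_output(text: str) -> str:
    """Pick the attribute lines out of an `openssl ca` transcript and join them
    in the order printed, which is the order they appear in the stored subject."""
    parts = []
    for line in text.splitlines():
        m = DN_LINE.match(line.strip())
        if m:
            long_name, value = m.groups()
            parts.append(f"/{SHORT_NAMES.get(long_name, long_name)}={value}")
    return "".join(parts)


def same_subject(existing: str, requested: str) -> bool:
    """unique_subject compares the whole one-line string, not just the CN:
    any attribute that differs (OU, e-mail address, ...) makes the subject distinct."""
    return existing == requested


# Transcript excerpt copied from the build-key-server step above.
SERVER_OUTPUT = """\
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'changeme'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Jan 24 22:30:06 2027 GMT (3650 days)
"""

# The build-key client step printed the same DN; only the timestamp differed.
CLIENT_OUTPUT = SERVER_OUTPUT.replace("22:30:06", "22:30:25")

# Constructed: what the client step would have printed with the CN prompt answered "client".
FIXED_CLIENT_OUTPUT = CLIENT_OUTPUT.replace("commonName :PRINTABLE:'changeme'",
                                            "commonName :PRINTABLE:'client'")


def demo() -> dict:
    server = dn_from_ca_output(SERVER_OUTPUT)
    client = dn_from_ca_output(CLIENT_OUTPUT)
    fixed = dn_from_ca_output(FIXED_CLIENT_OUTPUT)
    return {
        "server": server,
        "client": client,
        "fixed": fixed,
        "clash": same_subject(server, client),          # True: second insert is rejected
        "clash_after_fix": same_subject(server, fixed),  # False: distinct subject
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script prints the two identical strings and `clash: True`; changing any one attribute, not necessarily the CN, is enough to make `clash_after_fix` false, although a distinct Common Name is the change that keeps the certificates tellable apart.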
-
thece
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jan 26, 2017 10:37 pm
Re: [build-key] TXT_DB error number 2
Post by thece » Fri Jan 27, 2017 1:40 pm
Yes, I feel so stupid … solved!
Many thanks @TinCanTech
All About OpenVPN Failed To Update Database txt_db Error Number 2
OpenVPN is a stable interface for VPN applications. Moreover, it works flawlessly and enhances the user’s experience as well. However, it still throws up an error every now and then. The following error is one such error:
“OpenVPN failed to update database txt_db error number 2”
This error causes OpenVPN to stop working by crashing the application. According to our Support Engineers, this error is due to a bug in OpenVPN. It prevents access to resource files which are crucial to the smooth functioning of OpenVPN.
How to resolve OpenVPN Failed To Update Database Error
Our Support Engineers offer three different options to resolve this specific error:
- Restarting the application
- Checking files
- Reinstalling OpenVPN
Restarting the application is done by accessing the task manager and terminating the application normally. In some cases, we may have to force close it. Once this is done, we can start the application again. Interestingly, this approach frees up resources, allowing OpenVPN to work seamlessly in certain scenarios.
The next option is to make sure that all of the files we need for OpenVPN to function normally have not been deleted or damaged. Deleting or damaging any of the files will result in the error, preventing OpenVPN from updating the database.
If the above two options did not help resolve the error, the last option is to reinstall the application. Our Support Techs would like to point out that we need to ensure we remove the registry files as well. Reinstalling OpenVPN will replace all files, thereby helping us overcome the error.
Conclusion
At the end of the day, our skilled Support Engineers at Bobcares demonstrated how to deal with OpenVPN Failed To Update Database errors.
OpenVPN is one of the most stable interfaces out there for VPN applications and it works flawlessly. You will not have to face any major errors while using OpenVPN, which makes for a great experience. However, once in a blue moon an error is inevitable, as it is with all technical products, so you need to be prepared to deal with one if it occurs. "OpenVPN failed to update database txt_db error number 2" is one such error: it is confusing, and it stops your OpenVPN application from working. Here is all you need to know about it.
What Does It Mean?
The error can occur out of nowhere while you are already using OpenVPN; not only will the application crash, it will also be unable to start again. The error is caused by a bug that leaves the OpenVPN application unable to access a resource file that is crucial to its functioning. So you need to work on it and make sure you find the right fix to make it work.
1. Restart the Application
Restarting the application is the first thing to try, but closing OpenVPN completely is not as easy as it sounds. You need to close it not only from its interface, but also from the taskbar where it sits minimized, and from the Task Manager to be certain. So open the Task Manager and terminate the application normally, or force close it if you have to. Whatever it takes, close the application completely and then start it again. It will then access the file afresh and you should be able to use it without seeing the error message again.
If that doesn't work for you, go a step further and restart the PC as well. Restarting the PC clears out whatever might be causing the problem. Once the PC is back up, you will be able to open the software again.
2. Be mindful of the files
The drive and folder where you installed OpenVPN contain many files, and that is where all the important ones are. These files are needed for OpenVPN to work, and if any of them is deleted or damaged, you can get this error message on your screen. Make sure not to delete or damage any such files and it will work flawlessly for you.
3. Reinstall the application
If nothing so far has worked, you will need to reinstall the application, because the file may be damaged beyond repair or may have been deleted. Uninstall the application, make sure to delete all its registry entries as well, and then restart your device once. After that, install the application again and that will fix it.
OpenVPN Support Forum
Community Support Forum
[SOLVED] "TXT_DB error number 2" on build-key.bat
Post by wyoelect » Fri Jan 21, 2011 2:55 pm
Everything builds fine until we hit the client cert build. Signatures match, and I've tried adding/removing/changing various values with no luck. The client name is a solid alpha string (no dashes, spaces or underscores).
Has anyone seen this pesky critter? Running 2.1.3 on Server 2000.
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'**'
localityName :PRINTABLE:'**'
organizationName :PRINTABLE:'**'
commonName :PRINTABLE:'**'
emailAddress :IA5STRING:'**'
Certificate is to be certified until Jan 18 14:37:53 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
** = commented out local values
Re: "TXT_DB error number 2" on build-key.bat client cert
Post by gladiatr72 » Fri Jan 21, 2011 3:18 pm
The TXT_DB error indicates some kind of duplication in index.txt. If this is your first certificate, index.txt should be empty (I’m assuming this to be so because of the warning indicating index.txt.old doesn’t exist).
Re: "TXT_DB error number 2" on build-key.bat client cert
Post by wyoelect » Fri Jan 21, 2011 3:26 pm
OpenVPN Support Forum
Community Support Forum
TXT_DB error number 2
Post by adis763 » Fri Apr 22, 2011 7:56 am
I have this error when I try to make a new client key.
After confirmation of the questions:
Sign the certificate?
I get this error:
failed to update database
TXT_DB error number 2
Could not find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
Could someone help me with that?
Re: TXT_DB error number 2
Post by janjust » Fri Apr 22, 2011 6:05 pm
Re: TXT_DB error number 2
Post by adis763 » Mon Apr 25, 2011 12:45 pm
Re: TXT_DB error number 2
Post by janjust » Tue Apr 26, 2011 9:17 am
Re: TXT_DB error number 2
Post by alkmie » Fri Feb 22, 2013 8:20 pm
I'm having the same problem, but when I try to build the server.crt. I get this error and my server.crt is blank when I open it.
Here is my index.txt:
V 230220200746Z 01 unknown /C=US/ST=OK/L=OklahomaCity/O=OpenVPN/OU=changeme/CN=Mike/name=changeme/emailAddress=#####@yahoo.com
I hashed out my email.
OK, this appears to happen after I build the next crt. As I tried building the server.crt first, it worked, but then I was unable to create the client.crt.
If I save my keys, can I mix and match crt files, or are they unique to each build? I copied my keys folder before clean-all. I wouldn't think so, but I thought I might ask as I'm not sure.
Re: TXT_DB error number 2
Post by alkmie » Fri Feb 22, 2013 8:57 pm
I made a backup of my crt and server.crt, then ran clean-all. Then I copied the ca.crt, server.crt, everything but the index.txt, and was able to make them this way.
however when I try to connect with my android
Tips & tricks
TXT_DB error number 2 failed to update database
As I am completely unaware of how openssl is used, I only write down here some observations I made:
If after the command:
you get the following error message:
This is probably because you have generated your own signing certificate with the same Common Name (CN) information as the CA certificate that you generated before.
Simply entering a different Common Name each time you are asked should do the trick.
ERROR Messages
===================
failed to update database TXT_DB error number 2
Solution 1:
Here's the line I added to the openssl.conf file:
[ CA_default ]
unique_subject = no
This may or may not work.
Solution 2:
Change the attribute in /etc/ssl/index.txt.attr to "unique_subject = no"
Refer: http://rt.openssl.org/Ticket/Display.html?id=502&user=guest&pass=guest
Solution 3: Remove the entry from etc/ssl/index.txt and etc/ssl/serial
It is very unlikely that you need to do that.
Solution 4: Always create certs with a new subject (Common Name).
I don't want to create a new common name because I'm just "renewing" (creating a new one) for an expired certificate.
What is the correct procedure in this case?
Can’t generate client-side certificate after becoming my own Certificate Authority
I created a root pair, created an intermediate pair, and signed a server certificate, which I installed on squid like this:
in squid3.conf
Squid starts up just fine with this. Still not sure if it’s actually working or not.
When I try to generate a client-side certificate to install in a browser that will be accessing the internet through the proxy I end up with an error:
It states that if I’m going to create a client certificate for authentication, I’ll need to use the ‘usr_crt’ extension and so I run:
I don’t understand why I am getting the TXT_DB error number 2 message when I am running the command as root (on another machine of course).
According to the tutorial, I should be able to change the Common Name during this process.
2 Answers
TXT_DB error number 2 means DB_ERROR_INDEX_CLASH.
You’ve tried to submit a certificate into the OpenSSL CA database with the same index twice.
The cause of this is usually submitting a certificate to the database that contains the same Serial Number or the same Common Name. For the latter, check for the unique_subject option in the intermediate/openssl.conf file, which you can read about in man ca.
The Common Name for a client certificate can be anything — your name, for example.
The Common Name will be specified in the intermediate/openssl.conf file. It can be configured to either prompt for values or read values from the config file. This is controlled by the prompt option, which you can read about in man req.
According to the tutorial, I should be able to change the Common Name during this process
That tutorial tells you to generate a new key with openssl genrsa AND a new CSR with openssl req -new AND create the cert from the CSR with openssl ca. (Although like too many people it wrongly says a cert is created by 'sign[ing] the CSR'. The CA does not sign the CSR. The CA signs the cert, which it creates partly based on the CSR, but is different from the CSR. /rant)
When you generate a new CSR you specify the subject name, including but not limited to the Common Name, which as it says must differ from the CA certs above it, and should differ from other EE certs to avoid confusion.
openssl ca can actually override the subject name for an issued cert (the whole name, not Common Name individually), but this will lead to certs with different names for the same key which is at best unnecessarily confusing and typically less secure (although you don’t care about that part, others do, so it isn’t made easy).
Error Loading extension in section usr-crt
. no value . name=email_in_dn
Could this be coming from an upstream defaults file?
Not directly. openssl ca -config xxx uses xxx, and only xxx, as its config file. If your file is derived from upstream, the section name you want is usr_cert as you have apparently discovered, but you don’t need to specify usr_cert because it’s the default. The error message about email_in_dn is just leftover in the error stack and the only real error was usr-crt ; once you fix that -noemailDN isn’t needed although you may want it anyway.
Does this have something to do with subjectNameAlt?
Assuming you mean unique_subject, no. subjectAltName (not subjectNameAlt) aka SAN is a common extension which specifies alternate names for the subject, but unique_subject relates only to the basic Subject field, not any SAN.
client-side certificate to install in a browser that will be accessing the internet through the proxy
To be clear, a client cert like this is only useful in authenticating yourself to the proxy. You cannot use a cert in the client/browser to authenticate to something on the Internet through ANY HTTPS MitM, and you cannot use a client cert you issue yourself to authenticate to anybody else’s system(s) on the Internet.
Solved: OpenVPN 2.2.0 (failed to update database TXT_DB error number 2)
Moderator: SLEDopit
-
leksstav
- Posts: 329
Solved: OpenVPN 2.2.0
Post by leksstav » 13.06.2011 18:37
When trying to bring up OpenVPN, at the last step of creating the client certificate I get this error:
failed to update database
TXT_DB error number 2
Here is the whole process of setting up the server.
suseguru:/etc/openvpn/easy-rsa/1.0 # source ./vars
suseguru:/etc/openvpn/easy-rsa/1.0 # ./clean-all
suseguru:/etc/openvpn/easy-rsa/1.0 # ./build-ca
Generating a 1024 bit RSA private key
.........++++++
........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [RU]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [Stavropol]:
Organization Name (eg, company) [trust]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:suseguru
Email Address [root@localhost]:
suseguru:/etc/openvpn/easy-rsa/1.0 # ./build-key-server trust
Generating a 1024 bit RSA private key
.............++++++
...........++++++
writing new private key to 'trust.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [RU]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [Stavropol]:
Organization Name (eg, company) [trust]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:suseguru
Email Address [root@localhost]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/1.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'RU'
stateOrProvinceName :PRINTABLE:'NA'
localityName :PRINTABLE:'Stavropol'
organizationName :PRINTABLE:'trust'
commonName :PRINTABLE:'suseguru'
emailAddress :IA5STRING:'root@localhost'
Certificate is to be certified until Jun 10 14:29:13 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
suseguru:/etc/openvpn/easy-rsa/1.0 # ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
................................................................................
.......+.........+..................................................+...........
.
............................................+...................................
.
......+.........................................................................
.
............+..............+.....................................+..............
.
..+..............................+..........+............++*++*++*
suseguru:/etc/openvpn/easy-rsa/1.0 # ./build-key adm
Generating a 1024 bit RSA private key
.....................++++++
..............................++++++
writing new private key to 'adm.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [RU]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [Stavropol]:
Organization Name (eg, company) [trust]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:suseguru
Email Address [root@localhost]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/1.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'RU'
stateOrProvinceName :PRINTABLE:'NA'
localityName :PRINTABLE:'Stavropol'
organizationName :PRINTABLE:'trust'
commonName :PRINTABLE:'suseguru'
emailAddress :IA5STRING:'root@localhost'
Certificate is to be certified until Jun 10 14:30:24 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
The adm.crt file was created, but it is empty.
-
leksstav
- Posts: 329
Re: Solved: OpenVPN 2.2.0
Post by leksstav » 13.06.2011 19:22
The answer turned out to be simple, as always.
Go here:
http://www.mad-hacking.net/documentation/l…signing-csr.xml
and do what it says there:
Allowing non-unique subjects
By default the openssl database configuration disallows duplicate subject entries. This is to ensure that no certificates are issued more than once with the same Subject, as this could lead to confusion if the wrong certificate is used. Unfortunately this also prevents the issuing of a new certificate before the existing certificate has expired, which is often required so that a seamless transition can be effected between one certificate and the other.
When an attempt is made to certify a CSR which would result in a duplicate entry being written to the database the following error will be displayed.
failed to update database
TXT_DB error number 2
If you wish to be able to insert duplicate subject keys into the database then the change shown below will allow this.
/etc/certauth/hacking/database/index.txt.attr
unique_subject = yes
unique_subject = no
In the index.txt.attr file, change the line
unique_subject = yes
to
unique_subject = no
Revoke Easy-RSA certificate without .crt file
When trying to issue a certificate, the script prints the following:
Certificate is to be certified until Jul 13 11:57:53 2016 GMT (365 days)
failed to update database
TXT_DB error number 2
Easy-RSA error: signing failed (openssl output above may have more detail)
The error is caused by a certificate with this CommonName already existing; one with the same name cannot be created until the old one is revoked. There are two options here: use a different name, or revoke the old certificate. Policy from above says the key (user) name cannot be changed, so it has to be revoked.
Normally revoking is no problem; it is done with the command ./easyrsa revoke UserName, but when running it the certificate file itself turns out to be missing or corrupted:
./easyrsa revoke UserName
Note: using Easy-RSA configuration from: ./vars
Easy-RSA error: Unable to revoke as the input file is not a valid certificate. Unexpected input in file:
/home/ca/easy-rsa-master/easyrsa3/pki/issued/UserName.crt
In my case, for some reason, the certificate file did not exist. With easyrsa's own tools the certificate cannot be revoked.
There are two ways out:
1. Only as a temporary measure: allow certificates with identical CommonNames to be created. To do this, edit the index.txt.attr file, changing the name-uniqueness value from yes to no:
mcedit /home/ca/easy-rsa-master/easyrsa3/pki/index.txt.attr
unique_subject = no
This works, but using it permanently is not safe. Besides, it will be easy to get confused among the issued certificates if there are many of them.
2. The preferable solution is to edit the certificate database file index.txt, which looks like this:
V 141203091049Z 03 unknown /CN=UserName
R 150301095139Z 141202085814Z 04 unknown /CN=UserName2
Here the first column indicates the certificate's validity (V = valid, R = revoked), the second its expiry date, the third the revocation date (if it was revoked), and the fourth the certificate's serial number. 150301095139Z reads as 15 = year, 03 = month, 01 = day, 09 = hour, 51 = minute, 39 = second; Z, no idea what it means, but it is present in every date.
To revoke, edit the line for the user in question. You can see that the validity status has changed and a revocation date has been added:
R 141203091049Z 150714010101Z 03 unknown /CN=UserName
Just in case, update the key database:
Now certificates can be created for user UserName.
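gladiatr72's reply above (the error means a duplication in index.txt), the Stack Exchange answer naming it DB_ERROR_INDEX_CLASH (a duplicate serial number or a duplicate subject), the unixforum fix of setting unique_subject = no in index.txt.attr, and the hand-edited revocation just described all concern the same text database. The Python below is an added example, not code from any of these posts. It emulates the two lookups OpenSSL's ca command makes before adding a row: the serial index covers every row, revoked ones included, while the subject index exists only when unique_subject is on and holds only rows whose status is V, which is why changing a row from V to R is enough to let a certificate with the same subject be issued again. index.txt.attr is read the way OpenSSL's parse_yesno does (only the first character of the value counts; a missing file or key means yes), and a value there overrides unique_subject in openssl.cnf, which is why editing only the config file may not help. The two sample rows are the ones quoted in the post above; the function names are mine. The trailing Z in the time columns marks UTC (Zulu time).

```python
"""Emulate the index checks that `openssl ca` applies to its text database
(index.txt and index.txt.attr); a failed check is what surfaces as
"failed to update database / TXT_DB error number 2" (DB_ERROR_INDEX_CLASH).
Added, constructed example, not code from any of the posts on this page.
The column layout and the V/R status letters are those shown in the index.txt
samples above; the lookup order (serial index first, then the subject index,
which only contains 'V' rows) follows OpenSSL's apps/ca.c."""
from __future__ import annotations

from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class IndexEntry:
    status: str    # V = valid, R = revoked, E = expired
    expires: str   # ASN.1 time, YYMMDDHHMMSSZ; the Z means UTC (Zulu time)
    revoked: str   # revocation time, empty unless status is R
    serial: str    # hex serial number, compared as a string
    filename: str  # 'unknown' in easy-rsa databases
    subject: str   # one-line subject, e.g. /CN=UserName

    def line(self) -> str:
        return "\t".join([self.status, self.expires, self.revoked,
                          self.serial, self.filename, self.subject])


def parse_index(text: str) -> list[IndexEntry]:
    """index.txt: one tab-separated row per issued certificate, six columns."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = raw.split("\t")
        if len(fields) != 6:
            raise ValueError(f"malformed index.txt row: {raw!r}")
        entries.append(IndexEntry(*fields))
    return entries


def unique_subject_from_attr(text: str) -> bool:
    """Read unique_subject from index.txt.attr; absent means yes.
    Only the first character of the value is examined, as OpenSSL's parse_yesno does."""
    unique = True
    for raw in text.splitlines():
        key, _, value = raw.partition("=")
        if key.strip() == "unique_subject" and value.strip():
            first = value.strip()[0]
            if first in "fFnN0":
                unique = False
            elif first in "tTyY1":
                unique = True
    return unique


def asn1_time(when: datetime) -> str:
    """UTCTime (two-digit year) up to 2049, GeneralizedTime from 2050 on."""
    when = when.astimezone(timezone.utc)
    return when.strftime("%y%m%d%H%M%SZ" if when.year < 2050 else "%Y%m%d%H%M%SZ")


def insert_clash(entries, unique_subject: bool, serial: str, subject: str) -> Optional[str]:
    """Return why a new row would be rejected, or None if it would be accepted.
    Serial index: every row. Subject index: only when unique_subject is on,
    and only rows with status V (revoked rows do not block re-issue)."""
    for e in entries:
        if e.serial == serial:
            return f"serial {serial} already in index"
    if unique_subject:
        for e in entries:
            if e.status == "V" and e.subject == subject:
                return f"valid certificate with subject {subject} already in index"
    return None


def revoke_by_hand(entries, serial: str, when: datetime) -> list[IndexEntry]:
    """The manual edit from the post above: V -> R and fill the revocation column
    (normally `openssl ca -revoke` does this, and it needs the .crt file)."""
    return [replace(e, status="R", revoked=asn1_time(when))
            if e.serial == serial and e.status == "V" else e
            for e in entries]


# Constructed database: the two rows quoted in the post above, tab-separated.
SAMPLE_INDEX = ("V\t141203091049Z\t\t03\tunknown\t/CN=UserName\n"
                "R\t150301095139Z\t141202085814Z\t04\tunknown\t/CN=UserName2\n")


def demo() -> dict:
    entries = parse_index(SAMPLE_INDEX)
    strict = unique_subject_from_attr("unique_subject = yes\n")
    relaxed = unique_subject_from_attr("unique_subject = no\n")
    results = {
        "dup_subject": insert_clash(entries, strict, "05", "/CN=UserName"),      # rejected
        "dup_serial": insert_clash(entries, relaxed, "03", "/CN=Fresh"),         # rejected even with no
        "revoked_subject": insert_clash(entries, strict, "05", "/CN=UserName2"),  # accepted: row is R
        "relaxed_subject": insert_clash(entries, relaxed, "05", "/CN=UserName"),  # accepted: check off
    }
    fixed = revoke_by_hand(entries, "03", datetime(2015, 7, 14, 1, 1, 1, tzinfo=timezone.utc))
    results["after_revoke"] = insert_clash(fixed, strict, "05", "/CN=UserName")  # accepted
    results["revoked_row"] = fixed[0].line()  # the edited row shown in the post
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The serial clash case is the one behind the "copy everything back but index.txt" experiments in the forum threads above: a serial file reset by clean-all hands out numbers that an older index.txt already lists, and no unique_subject setting changes that outcome. Marking a row R by hand keeps the index consistent with what a later CRL generation will read, whereas deleting the row loses the record that the certificate was ever issued.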