Saturday, February 15, 2014

OpenSSL CA cannot sign request?!

Got the following error after signing one or more requests?

failed to update database
TXT_DB error number 2


This happens because you are signing a request with a duplicated CN.  That is, a request you signed earlier had the same CN as the one you are signing now.

To allow signing requests with a duplicated CN, you need to edit the index.txt.attr file in your CA.  Change

unique_subject = yes

to

unique_subject = no

You will not encounter the same error again.
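
To see beforehand whether a request will hit this error, you can check the CA database for the subject before signing. The script below is an added example, not part of the original post: it assumes the usual tab-separated index.txt layout, compares the whole subject string, and assumes only entries marked V (valid) count as duplicates. The function names, subjects and serials are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Pre-flight check for
# "TXT_DB error number 2" before running `openssl ca`.

# index.txt is tab-separated: status, expiry, revocation date, serial,
# file name, subject. Print serials of valid (V) entries with this subject.
valid_serials_for_subject() {   # args: index.txt  subject
    SUBJ=$2 awk -F '\t' '$1 == "V" && $6 == ENVIRON["SUBJ"] { print $4 }' "$1"
}

# Read unique_subject from index.txt.attr; a missing setting counts as "yes".
unique_subject_setting() {      # arg: index.txt.attr
    value=$(sed -n 's/^[[:space:]]*unique_subject[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    echo "${value:-yes}"
}

# Return 0 when signing this subject would trip the duplicate check.
would_conflict() {              # args: index.txt  index.txt.attr  subject
    if [ "$(unique_subject_setting "$2")" = "no" ]; then return 1; fi
    [ -n "$(valid_serials_for_subject "$1" "$3")" ]
}

# Constructed sample CA database (hypothetical subjects and serials).
make_sample_ca() {              # arg: directory to create the files in
    printf 'V\t250215120000Z\t\t01\tunknown\t/C=US/O=Example/CN=www.example.test\n' > "$1/index.txt"
    printf 'R\t250215120000Z\t140216120000Z\t02\tunknown\t/C=US/O=Example/CN=old.example.test\n' >> "$1/index.txt"
    printf 'unique_subject = yes\n' > "$1/index.txt.attr"
}

# Demo: the first subject is still valid in the index, the second was revoked.
demo_dir=$(mktemp -d)
make_sample_ca "$demo_dir"
for subj in /C=US/O=Example/CN=www.example.test /C=US/O=Example/CN=old.example.test; do
    if would_conflict "$demo_dir/index.txt" "$demo_dir/index.txt.attr" "$subj"; then
        echo "$subj: would fail, still valid as serial $(valid_serials_for_subject "$demo_dir/index.txt" "$subj")"
    else
        echo "$subj: can be signed"
    fi
done
rm -rf "$demo_dir"
```

When the check reports a conflict, the serial it prints is the earlier certificate that is still valid for that subject, so you can decide whether that one should be revoked instead of switching unique_subject to no.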