[Solved] easy-rsa/build-key = TXT_DB error number 2

Support forum for Easy-RSA certificate management suite.
Locked
thece
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 26, 2017 10:37 pm

[Solved] easy-rsa/build-key = TXT_DB error number 2

Post by thece » Thu Jan 26, 2017 10:58 pm

Hi all,

I'm trying to install OpenVPN server (2.4.0) on Windows Server 2008 R2.
Every time I submit the command "build-key" to make the client certificate I get the the error "TXT_DB error number 2".
Somebody can help me?

This is what I done

Code: Select all

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>clean-all
        1 file(s) copied.
        1 file(s) copied.

C:\Program Files\OpenVPN\easy-rsa>build-ca
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
.............................................+++
...........................................+++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:

C:\Program Files\OpenVPN\easy-rsa>build-key-server server
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
.........................................+++
........................................................+++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'changeme'
name                  :PRINTABLE:'changeme'
emailAddress          :IA5STRING:'mail@host.domain'
Certificate is to be certified until Jan 24 22:30:06 2027 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>build-key client
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
....................................................+++
.........................................................................................................................+++
writing new private key to 'keys\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'changeme'
name                  :PRINTABLE:'changeme'
emailAddress          :IA5STRING:'mail@host.domain'
Certificate is to be certified until Jan 24 22:30:25 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old

C:\Program Files\OpenVPN\easy-rsa>
Thanks

thece
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 26, 2017 10:37 pm

Re: [build-key] TXT_DB error number 2

Post by thece » Fri Jan 27, 2017 10:20 am

Other details:

- all commands above are submitted by Administrator

- the only alteration in var.bat file, respect to the sample provided, is:

Code: Select all

set KEY_SIZE=2048

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2828
Joined: Fri Jun 03, 2016 1:17 pm

Re: [build-key] TXT_DB error number 2

Post by TinCanTech » Fri Jan 27, 2017 12:48 pm

Common Name must be unique:
thece wrote:C:\Program Files\OpenVPN\easy-rsa>build-key client
WARNING: can't open config file: /etc/ssl/openssl.cnf
Generating a 2048 bit RSA private key
....................................................+++
.........................................................................................................................+++
writing new private key to 'keys\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]: Unique Common Name

thece
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 26, 2017 10:37 pm

Re: [build-key] TXT_DB error number 2

Post by thece » Fri Jan 27, 2017 1:40 pm

Yes, I feel so stupid :-( ... solved!

Many thanks @TinCanTech

Locked