When you are generating certificates, you might from time to time encounter this:
Code:
failed to update database
TXT_DB error number 2
You'll notice that EasyRSA has generated an
empty key-file.
What's the problem and what do you do?
The problem is that you're generating a certificate for a domain-name that has already had a (different) certificate issued. Even if you no longer have a copy of that cert, OpenSSL still remembers that it issued one.
To remedy the problem, go to the
conf/index file in the EasyRSA directory. (There will be an
index.attr file nearby.) You will find that this is simply a text file. Use a text-editor to locate and remove the line for the domain, then re-save the file.
Of course, you should do this with full understanding of what you are actually doing and what it actually means. That database is there for a reason .. to
prevent you from issuing duplicate certificates, and this is probably what you do want. (Therefore, I do
not recommend that you follow the admonition to "just turn duplicate-checking off.")
HTH!