Troubleshooting Guide
Problem
When I create a new Certificate, I get the following error:
When I check the GENERATE.LOG file, I get the following error at the bottom of the log:
failed to update database
TXT_DB error number 2
Possible Cause
You may be trying to create two certificates with the same Common Name (CN).
SSL requires unique Common Names in order to work properly.
Solution
Make sure that all certificates that are created by or used with the Security
Server have unique Common Names (CN).
Problem
We have deployed many Self Signed Client Certificates that we have created
with a Self Signed Signing Certificate and have noticed that we are now
having intermittent SSL connection problems.
Possible Cause
You may have accidentally created more than one Signing Certificate with
the same Common Name. Normally, the Security Server keeps track of the
Common Names of all certificates it creates and prevents the Security
Server administrator from creating multiple certificates with the same
Common Name. However, if the file that keeps track of certificate creation
becomes corrupt, or if it is missing because the Security Server has been
moved to a new server, it is possible to create two certificates with the
same Common Name.
In order for SSL to work properly, the certificate Common Name (CN) must be unique across multiple certificates.
For example, if you have two signing certificates with the same Common Name that hash to 32746aee.0 and 32746aee.1, your clients may have problems connecting reliably because SSL will stop searching when it finds the first certificate with a matching Common Name. If this happens to be the wrong certificate, the SSL connection will fail.
Solution
Use only one Signing Certificate to create your Client Certificates or
make sure that all of your Signing Certificates have unique Common Names.
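
The check below is an added example, not part of the original guide or the Security Server's own tooling. It scans a certificate directory for entries that share a hash prefix, as 32746aee.0 and 32746aee.1 do above, assuming the directory uses the `<hash>.<n>` naming shown in that example; the sample file names and the hash 9d5c1f20 are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Hashed certificate entries: 8 hex digits, a dot, then a sequence number.
# CRL entries carry an "r" before the number (e.g. 32746aee.r0) and are skipped.
HASHED_CERT = re.compile(r"^([0-9a-f]{8})\.(\d+)$")


def find_hash_collisions(cert_dir):
    """Return {hash: [(seq, filename, resolved_target), ...]} for every
    hash that has more than one certificate entry in cert_dir."""
    groups = defaultdict(list)
    for name in os.listdir(cert_dir):
        m = HASHED_CERT.match(name)
        if not m:
            continue
        path = os.path.join(cert_dir, name)
        # Hashed entries are often symlinks; report the file each one resolves to.
        target = os.path.basename(os.path.realpath(path))
        groups[m.group(1)].append((int(m.group(2)), name, target))
    return {h: sorted(e) for h, e in groups.items() if len(e) > 1}


def build_sample_dir(root):
    """Constructed sample layout; file names are made up for this example."""
    for pem in ("signing-old.pem", "signing-new.pem", "other-ca.pem"):
        open(os.path.join(root, pem), "w").close()
    links = {
        "32746aee.0": "signing-old.pem",   # hash taken from the guide's example
        "32746aee.1": "signing-new.pem",
        "9d5c1f20.0": "other-ca.pem",      # constructed, unique hash
    }
    for link, target in links.items():
        os.symlink(target, os.path.join(root, link))
    open(os.path.join(root, "32746aee.r0"), "w").close()  # CRL entry, ignored


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_dir(d)
        for h, entries in find_hash_collisions(d).items():
            print(f"hash {h} is shared by {len(entries)} certificates:")
            for seq, name, target in entries:
                print(f"  {name} -> {target}")
```

Any hash it reports points at certificates that should be reviewed so that only one Signing Certificate per Common Name remains in use.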