From b6c23d6c91b70d1ec69b606959fb259433b3e5d2 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Wed, 26 Feb 2020 11:43:10 +0100 Subject: [PATCH] Document debugging an issue with generating fedora-messaging certificates Signed-off-by: Pierre-Yves Chibon --- fedora_messaging_certificates.md | 44 ++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/fedora_messaging_certificates.md b/fedora_messaging_certificates.md index 9639000..4e09be5 100644 --- a/fedora_messaging_certificates.md +++ b/fedora_messaging_certificates.md 
@@ -44,3 +44,47 @@ git push Source: https://pagure.io/fedora-infrastructure/issue/8638 + + +## Debugging + +If when generating the certificates, you run into the following error: +``` +failed to update database +TXT_DB error number 2 +``` + +The full output looking something like +``` + +Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017 +Generating a 2048 bit RSA private key +.+++ +.....+++ +writing new private key to '/..../files/rabbitmq/staging/pki/private/monitor-gating.stg.key.PhSK949Ny8' +----- +Using configuration from /..../files/rabbitmq/staging/pki/safessl-easyrsa.cnf +Check that the request matches the signature +Signature ok +The Subject's Distinguished Name is as follows +commonName :ASN.1 12:'monitor-gating.stg' +Certificate is to be certified until Feb 9 14:52:07 2023 GMT (1080 days) +failed to update database +TXT_DB error number 2 + +Easy-RSA error: + +signing failed (openssl output above may have more detail) +``` + +This is because you're trying to generate a certificate for a name that already +exists in the database (as explained in: +https://zeldor.biz/2013/11/txt_db-error-number-2-failed-to-update-database/) + +The easiest way around this is to simply to a ``git grep ``. +It should tell you that the name can be found in ``index.txt`` (and potentially +``index.txt.old`` if another certificate was generated since the first attempt +and yours). + +Edit this/these file(s) and remove the line concerning your certificate, then +re-run the `easyrsa` command as above.
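Review bot: The `git grep` step in the paragraph starting "The easiest way around this" has no search term (it reads ``git grep `` with nothing after it), and "simply to a" should be "simply do a". Add a placeholder for the certificate name, for example the commonName from the sample output (`monitor-gating.stg`), so the reader knows what to search for. The last paragraph tells the reader to delete the matching line from ``index.txt``, which removes the CA database's record of the certificate issued earlier under that name. It would help to say when that is acceptable, and whether the earlier certificate should be revoked first rather than only dropped from the index. Minor: the section mixes double-backtick and single-backtick inline code (`easyrsa`), and the second fenced block opens with an empty line.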