XCOM SSL scripts "failed to update database", "TXT_DB error"


Article ID: 271430




XCOM Data Transport, XCOM Data Transport - Linux PC, XCOM Data Transport - Windows


Trying to implement the root certificate from XCOM for Windows server1 on XCOM for Windows server2.
The 3 scripts makeca, makeclient, and makeserver have previously been run on both servers.
The following has now been done:
1. Deleted all files on server2 under the directories %XCOM_HOME%\ssl\certs and %XCOM_HOME%\ssl\private.
2. Copied the certificate files cassl.pem (certs directory) and casslkey.pem (private directory) from server1 to the corresponding directories on server2.
3. Running the makeclient script on server2 from a command prompt produces this output:
C:\Program Files\CA\XCOM\Ssl>makeclient
">>>>> Generating the sample client certificate..."
">>>>> Generating the client cert request..."
">>>>> Setting OPENSSL_CONF variable..."
Generating a 1024 bit RSA private key
writing new private key to 'C:\Program Files\CA\XCOM\ssl\private\clientkey.pem'
">>>>> Generating the client cert..."
Using configuration from C:\Program Files\CA\XCOM\\ssl\\cassl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'CA-XCOM Data Transport SSL Client'
localityName          :ASN.1 12:'clientssl_City'
stateOrProvinceName   :ASN.1 12:'clientssl_State'
countryName           :PRINTABLE:'US'
organizationName      :ASN.1 12:'clientssl_Company'
organizationalUnitName:ASN.1 12:'clientssl_Unit'
name                  :ASN.1 12:'clientssl_Name'
title                 :ASN.1 12:'clientssl_Title'
description           :ASN.1 12:'clientssl_Description'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Aug  8 23:51:36 2024 GMT (365 days)
failed to update database
TXT_DB error number 2

Note the last 2 lines:
failed to update database
TXT_DB error number 2

Although the file private\clientkey.pem was created with non-zero bytes, the file certs\clientcert.pem was created with zero bytes.
Deleting the index.txt and serial files did not help: makeclient then complained they were missing and would not execute.


Because the 3 scripts had already been run on server2, a file cleanup is required first, before running the makeca script and then copying over the server2 certificate files.
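
OpenSSL's "TXT_DB error number 2" is an index clash: the certificate being issued has a subject or serial number that is already recorded in the CA database file index.txt, which is what the earlier script runs leave behind. The following is an added example, not part of the original article or of the XCOM scripts, that parses an index.txt and reports such a clash; the sample rows and DN are constructed, and it assumes the OpenSSL default unique_subject = yes.

```python
"""Find the index.txt row that makes a new certificate clash in an OpenSSL
'ca' database. The sample data is constructed, not taken from a real server."""

# index.txt columns, tab-separated: status, expiry, revocation, serial, file, subject
FIELDS = ("status", "expires", "revoked", "serial", "file", "subject")


def parse_index(text):
    """Return one dict per database row; reject rows without six columns."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(cols)}")
        rows.append(dict(zip(FIELDS, cols)))
    return rows


def clashes(rows, subject, serial_hex):
    """List the reasons the CA would refuse to add (subject, serial)."""
    reasons = []
    want = int(serial_hex, 16)
    for row in rows:
        if int(row["serial"], 16) == want:
            reasons.append(f"serial {row['serial']} already issued to {row['subject']}")
        # Assumption: unique_subject = yes, so only valid (V) rows block a subject.
        if row["status"] == "V" and row["subject"] == subject:
            reasons.append(f"valid certificate already exists for {subject}")
    return reasons


# Constructed sample: leftovers from an earlier makeclient run on server2.
CLIENT_DN = "/C=US/O=clientssl_Company/CN=CA-XCOM Data Transport SSL Client"
STALE_INDEX = (
    "V\t240101000000Z\t\t01\tunknown\t" + CLIENT_DN + "\n"
    "R\t230101000000Z\t221201000000Z\t02\tunknown\t/C=US/CN=retired\n"
)

if __name__ == "__main__":
    for reason in clashes(parse_index(STALE_INDEX), CLIENT_DN, "03"):
        print("clash:", reason)
```
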


Detailed steps:

1. On server2 delete these files/directories:
  - certs and private directories in the %XCOM_HOME%\ssl directory
  - all index* files in the %XCOM_HOME%\ssl directory
  - all serial* files in the %XCOM_HOME%\ssl directory
  - random.pem file in the %XCOM_HOME%\ssl directory

2. On server2 just run the makeca script.
This will recreate the certs and private directories and the cassl.pem (certs) and casslkey.pem (private) files.
Delete those new files.

3. Copy the files cassl.pem (certs directory) and casslkey.pem (private directory) from server1 to the corresponding directories on server2.

4. On server2:
Run the makeclient and makeserver scripts.

5. On server2:
Run the listca, listclient, and listserver scripts to view and check the certificates.

Additional Information

Test the SSL handshake from server1 to server2 using the command:
The result should be similar to this:
Copyright (c) 2012 CA.  All rights reserved.
XCOMN0882I RELEASE=r11.6   SP03 GEN LEVEL 22073    SYSTEM NAME=server2  SYSTEM ID=win2  

If errors still occur, add the "-t" parameter to the above command to get more trace output, i.e.
Also, check the %XCOM_HOME%\xcom.log files on server1 and server2.