If openssl ca tells you this:
failed to update database TXT_DB error number 2
it means that you have it configured not to sign a certificate for the same user multiple times, but you've gone ahead and asked it to do so anyway. Add this line to the section for your default CA in openssl.conf:
unique_subject = no
If you've already been signing some keys and you want to keep what you've done so far, you may also need to make similar changes in index.attr and possibly index.attr.old.