What were you trying to do that didn't work?

we have an automated test for issue https://github.com/dogtagpki/pki/issues/4669  where we are trying to simulate failure of exchange of private keys between server and replica. scenario goes like this:

1. Setup a freeipa server and a replica
2. Stop ipa-custodia service on replica
3. Create a LWCA on the replica
4. Verify LWCA is recognized on the server
5. Run `ipa ca-show <LWCA>` on replica and verify that LWCA is not listed and error into `ipa: ERROR: The certificate for lwca1 is not available on this server.`

Please provide the package NVR for which bug is seen:

 idm-pki-ca-11.5.0-1.el9.noarch

ipa-server-4.11.0-9.el9_4.x86_64

How reproducible:

always

Steps to reproduce

1. Setup a freeipa server and a replica
2. Stop ipa-custodia service on replica
3. Create a LWCA on the replica
4. Verify LWCA is recognized on the server
5. Run `ipa ca-show <LWCA>` on replica

Expected results

ipa: ERROR: The certificate for lwca1 is not available on this server.

Actual results

ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500.

relevant pki/debug log:

org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException: Cannot invoke "com.netscape.ca.CASigningUnit.getCert()" because "this.mSigningUnit" is null