Bug
Resolution: Unresolved
rhel-9.4
sst_idm_cs
ssg_idm
Red Hat Enterprise Linux
What were you trying to do that didn't work?
We have an automated test for issue https://github.com/dogtagpki/pki/issues/4669 where we are trying to simulate a failure of the exchange of private keys between server and replica. The scenario goes like this:
1. Setup a freeipa server and a replica
2. Stop ipa-custodia service on replica
3. Create a LWCA on the replica
4. Verify LWCA is recognized on the server
5. Run `ipa ca-show <LWCA>` on replica and verify that LWCA is not listed and that the command errors out with `ipa: ERROR: The certificate for lwca1 is not available on this server.`
Please provide the package NVR for which bug is seen:
idm-pki-ca-11.5.0-1.el9.noarch
ipa-server-4.11.0-9.el9_4.x86_64
How reproducible:
always
Steps to reproduce
1. Setup a freeipa server and a replica
2. Stop ipa-custodia service on replica
3. Create a LWCA on the replica
4. Verify LWCA is recognized on the server
5. Run `ipa ca-show <LWCA>` on replica
Expected results
ipa: ERROR: The certificate for lwca1 is not available on this server.
Actual results
ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500.
Relevant pki/debug log:
org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException: Cannot invoke "com.netscape.ca.CASigningUnit.getCert()" because "this.mSigningUnit" is null