During two-step installation of an externally-signed CA, installation can fail because the host authority's private key cannot be located (a temporary condition), causing LWCA key replication codepaths to fire, which throw a NullPointerException because the host authority has not yet been assigned an AuthorityID.
Log file: /var/log/pki/pki-ca-spawn.20160921163609.log
Loading deployment configuration from external-step2.cfg.
Installing CA into /var/lib/pki/pki-tomcat.

Installation failed: <!DOCTYPE html><html><head><title>Apache Tomcat/8.0.36 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 500 - java.lang.NullPointerException</h1><div class="line"></div><p><b>type</b> Exception report</p><p><b>message</b> <u>java.lang.NullPointerException</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b></p><pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
    org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:77)
    ...
</pre><p><b>root cause</b></p><pre>java.lang.NullPointerException
    java.util.TreeMap.getEntry(TreeMap.java:347)
    java.util.TreeMap.containsKey(TreeMap.java:232)
    java.util.Collections$SynchronizedMap.containsKey(Collections.java:2578)
    com.netscape.ca.CertificateAuthority.initSigUnit(CertificateAuthority.java:1572)
    com.netscape.ca.CertificateAuthority.init(CertificateAuthority.java:525)
    com.netscape.cmscore.apps.CMSEngine.reinit(CMSEngine.java:1344)
    com.netscape.certsrv.apps.CMS.reinit(CMS.java:191)
    com.netscape.cms.servlet.csadmin.ConfigurationUtils.reInitSubsystem(ConfigurationUtils.java:2299)
    org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:181)
    org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:121)
    ...
</pre><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/8.0.36 logs.</u></p><hr class="line"><h3>Apache Tomcat/8.0.36</h3></body></html>

Please check the CA logs in /var/log/pki/pki-tomcat/ca.
Observed in pki-core-10.3.5-6.fc24; origin/DOGTAG_10_3_BRANCH at commit 281cb00d06c34a5ea4f1393aab59b39cc2e5f168.
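A minimal reproduction of the failure mode in the root-cause trace above, as an added example (not Dogtag's code and not the attached patch): a synchronized TreeMap with natural ordering throws NullPointerException from containsKey(null), which is what a lookup keyed on an unassigned AuthorityID runs into. The class, the map name `keyRetrievers`, the method names and the use of String keys in place of AuthorityID are all hypothetical; the guard follows the idea stated in the attached patch's title.

```java
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

public class HostAuthorityKeyLookup {
    // Hypothetical stand-in for a registry of in-flight key retrievals,
    // keyed by authority ID. A TreeMap with natural ordering rejects null keys.
    static final Map<String, Thread> keyRetrievers =
        Collections.synchronizedMap(new TreeMap<String, Thread>());

    // Unguarded: mirrors the failing path. A null ID reaches TreeMap.getEntry(),
    // which throws NullPointerException even when the map is empty.
    static boolean startRetrievalUnguarded(String authorityID) {
        if (keyRetrievers.containsKey(authorityID)) {
            return false; // a retrieval for this authority is already registered
        }
        keyRetrievers.put(authorityID, new Thread(() -> {}));
        return true;
    }

    // Guarded: an authority with no ID assigned yet (the host authority during
    // step 2) never enters the key-retrieval path; the caller is left to
    // handle the missing key itself.
    static boolean startRetrievalGuarded(String authorityID) {
        if (authorityID == null) {
            return false; // host authority: skip LWCA key retrieval
        }
        return startRetrievalUnguarded(authorityID);
    }

    public static void main(String[] args) {
        String hostAuthorityID = null;      // constructed: ID not yet assigned
        String lwcaID = "lwca-example-id";  // constructed sample ID

        System.out.println("guarded, host authority: "
            + startRetrievalGuarded(hostAuthorityID));
        System.out.println("guarded, lightweight CA: "
            + startRetrievalGuarded(lwcaID));
        try {
            startRetrievalUnguarded(hostAuthorityID);
        } catch (NullPointerException e) {
            System.out.println("unguarded, host authority: "
                + e.getClass().getName());
        }
    }
}
```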
attachment pki-ftweedal-0135-Do-not-attempt-LWCA-key-retrieval-for-host-authority.patch
Per email comments from ftweedal: 10.4.0
Pushed to...
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: 10.3.7
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2586
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.