[Pki-users] Spawn KRA subsystem to existing CA instance fails with Error in setting certificate names and key sizes

Michal Kašpar michal at kaspar.in
Tue Aug 29 21:18:12 UTC 2017


Hello.
I've got a problem with spawning kra subsystem on existing Dogtag
instance which was created as part of IPA installation. When i run ipa-
kra-install or pkispawn -s KRA, the result is the same error in
/var/lib/pki/pki-tomcat/kra/logs/debug (see bellow).
The pki version is 10.4.1, the ca component works without problem.
I've tried turning off SELinux, checked file permissions on the pki-
tomcat componets but haven't found anything wrong.
Has anyone an idea, how to debug or solve this problem? The debug level
is set to 0 for KRA component and still no hint what might be the
problem.
Thank you for any hint.

The last lines in the debug log are:
29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: getting public key for certificate transport
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: getting private key for certificate transport
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: private key ID: 76c3a8268120fe025d
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: generating generic extensions
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: createGenericExtensions: begins
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: generating PKCS #10 request
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: storing cert request
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: configCert: caType is remote
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: updateConfig() for certTag storage
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: updateConfig() done
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: configCert: remote CA
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: CertRequestPanel: got public key
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: CertRequestPanel: got private key
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: injectSAN=false
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: CertUtil: content: {xmlOutput=[true], cert_request_type=[pkcs10], profil
eId=[caInternalAuthDRMstorageCert], cert_request=[MIICfjCCAWYCAQAwOTEV...
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: POST https://server:443/ca/ee/ca/profileSubmit
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]: Server certificate:
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]:  - subject: CN=server,O=REALM
[29/Aug/2017:13:21:54][http-bio-8443-exec-25]:  - issuer: CN=Certificate Authority,O=REALM
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: CertUtil: status: 0
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: CertUtil: cert: MMIIDdjC...
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: getting public key for certificate storage
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: getting private key for certificate storage
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: private key ID: 74c90cb1bb054bd06d9e8b6013
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: generating generic extensions
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: ConfigurationUtils: createGenericExtensions: begins
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: generating PKCS #10 request
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: storing cert request
java.lang.NullPointerException
        at java.util.Hashtable.put(Hashtable.java:459)
        at com.netscape.cmscore.base.SourceConfigStore.put(SourceConfigStore.java:57)
        at com.netscape.cmscore.base.PropConfigStore.put(PropConfigStore.java:157)
        at com.netscape.cmscore.base.PropConfigStore.putString(PropConfigStore.java:306)
        at org.dogtagpki.server.rest.SystemConfigService.updateConfiguration(SystemConfigService.java:593)
        at org.dogtagpki.server.rest.SystemConfigService.processCerts(SystemConfigService.java:359)
        at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:176)
        at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:110)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
...
[29/Aug/2017:13:21:55][http-bio-8443-exec-25]: Error in setting certificate names and key sizes: java.lang.NullPointerException

-- 
Michal Kašpar




More information about the Pki-users mailing list