Hi,

we have an open ticket for pruning expired certs from the database, please see ticket 7219. Note that this mentions only expired certs, not unused certs.
The problem was already discussed a few times in the past, see for instance
- Removal of obsolete certificates from o=ipaca
- Removal & clean up certificates from o=ipaca
- Re: Delete certificates from Dogtag PKI

flo


On Thu, Aug 19, 2021 at 9:10 PM Harry G. Coin <hgcoin@gmail.com> wrote:

Flo,

Yes, that's it exactly.  Thanks.  Paging the certificate list really ought to have been been lifted from other code, it's already standard in the DNS entry listings, for example.

To anyone:

In my case, it seems several hundred certificates were 'automatically' created and are of no use to anyone, never released, just taking up space. How can they best be deleted as if they never were?

Harry



On 8/19/21 10:02 AM, Florence Renaud wrote:
Hi,
you may be hitting Bug 1959057 - An error has ocorred (IPA Error 4301:CertificateOperationError)

The error happens when there are more entries to return than the configured nsSizeLimit. The workaround is to raise the nsSizeLimit as described in the BZ but this may also degrade performances (please refer to Improving Search Performance through Resource Limits for more details)

flo

On Thu, Aug 19, 2021 at 12:31 AM Harry G. Coin via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

On 8/18/21 5:20 PM, Rob Crittenden wrote:
> Harry G. Coin via FreeIPA-users wrote:
>> What causes "IPA Error 4301: CertificateOperationError" / "Certificate
>> operation cannot be completed: Unable to communicate with CMS (500)"
>>
>> on latest fedora 34 freeipa, running on two hosts, master/master?
>>
>> Usually I'd expect 'ipa cert-show 1' to fail, but it works, and
>> 'systemctl' reports everything is running, and all the UI and other
>> functions appear to be normal (even dnssec !).
> Seems like it doesn't like something about cert serial number 2000. You
> can see if you get the same behavior with cert-show 2000 or cert-find on
> the cli.
>
> rob


Thanks Rob.  Other than having a bunch of SAN entries, it works from the
command line:

[root@registry1 ca]# ipa cert-show 2000
  Issuing CA: ipa
  Certificate:
MIIRsTCCEBmgAwIBAgICB9AwDQYJKoZIhvcNAQELBQAwPjEcMBoGA1UECgwTMS5RVUlFVEZPVU5UQUlOLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIxMDgxNTIzMDM1MloXDTIzMDgxNjIzMDM1MlowQjEcMBoGA1UECgwTMS5RVUlFVEZPVU5UQUlOLkNPTTEiMCAGA1UEAwwZZW1haWwuMS5xdWlldGZvdW50YWluLmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKXYGmYtVHqENW8IUQVIuKKsQ8e64IfpqnWpDtxoav1fIrWmYm1XqL+ZYCgST9qAeKD0JIosxtzX9LRVY+BCqFsCrDIGCdNefog2e83vZ52zhTHJV1GxsBhXHppGyqAw7QK8ogi0nDRdQpEtpFR5QoZWf/YU0WQEBprnpkflbZhT6eF5LwL/5C0LfD6NVBxuPzu990XOsQwK0D9HXL25tvFfuk0O33RwMEQIDbTORuXD6ES5lbG1/50V2RCHBpe73rBnRPjzRF8b8zMWqv4/Rz4Xgrbjix+jnUmlhkV/lUQWfvvmj6zjYoo1YmiaXm3+8EbxOBGBMi0FLjEu3ZKgK1I1fbdW8b27ZtDxJvcawRJVfVFHzcTKk6OLeg+j4bcvHn7m9cBVjrSvN4amSFayf1gOaQT3R3NtGn8kuRezJaGCflVYycDCUhDZs7wZfGA9bP0OK2O5PZKeRcd0fy8IwnlBMc2n1MzHDWqp0Dl5W+EoJ4qw6/+9hZ4LYkDsKwu+UwIDAQABo4INszCCDa8wHwYDVR0jBBgwFoAUXW5JhdkJzAZFZf9sx8NRcgBLb5swRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNhLjEucXVpZXRmb3VudGFpbi5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMH4GA1UdHwR3MHUwc6A7oDmGN2h0dHA6Ly9pcGEtY2EuMS5xdWlldGZvdW50YWluLmNvbS9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFCx51ek7Vv2tczzH1FL5QtX3oeixMIIMdQYDVR0RBIIMbDCCDGiCGWVtYWlsLjEucXVpZXRmb3VudGFpbi5jb22HBKwQxwSHEPwAEAEAxwAAAAAAAAAAAASCGmVtYWlsMS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLABhxD8ABAAAAAMAAAAAAAAAAABghplbWFpbDIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwAocQ/AAQAAAADAAAAAAAAAAAAoIaZW1haWwzLjEucXVpZXRmb3VudGFpbi5jb22HBMCosAOHEPwAEAAAAAwAAAAAAAAAAAOCGmVtYWlsNC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAEhxD8ABAAAAAMAAAAAAAAAAAEghplbWFpbDUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwBYcQ/AAQAAAADAAAAAAAAAAABYIaZW1haWw2LjEucXVpZXRmb3VudGFpbi5jb22HBMCosAaHEPwAEAAAAAwAAAAAAAAAAAaCGmVtYWlsNy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAHhxD8ABAAAAAMAAAAAAAAAAAHghplbWFpbDguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwCIcQ/AAQAAAADAAAAAAAAAAACIIaZW1haWw5LjEucXVpZXRmb3VudGFpbi5jb22HBMCosAmHEPwAEAAAAAwAAAAAAAAAAAmCG2VtYWlsMTAuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwCocQ/AAQAAAADAAAAAAAAAAACoIbZW1haWwxMS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLALhxD8ABAAAAAMAAAAAAAAAAALghtlbWFpbDEyLjEucXVpZXRmb3VudGFpbi5jb22HBMCosAyHEPwAEAAAAAwAAAAAAAAAAAyCG2VtYWlsMTMuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwDYcQ/AAQAAAADAAAAAAAAAAADYIbZW1haWwxNC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAOhxD8ABAAAAAMAAAAAAAAAAAOghtlbWFpbDE1LjEucXVpZXRmb3VudGFpbi5jb22HBMCosA+HEPwAEAAAAAwAAAAAAAAAAA+CG2VtYWlsMTYuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwEIcQ/AAQAAAADAAAAAAAAAAAEIIbZW1haWwxNy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLARhxD8ABAAAAAMAAAAAAAAAAARghtlbWFpbDE4LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBKHEPwAEAAAAAwAAAAAAAAAABKCG2VtYWlsMTkuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwE4cQ/AAQAAAADAAAAAAAAAAAE4IbZW1haWwyMC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAUhxD8ABAAAAAMAAAAAAAAAAAUghtlbWFpbDIxLjEucXVpZXRmb3VudGFpbi5jb22HBMCosBWHEPwAEAAAAAwAAAAAAAAAABWCG2VtYWlsMjIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwFocQ/AAQAAAADAAAAAAAAAAAFoIbZW1haWwyMy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAXhxD8ABAAAAAMAAAAAAAAAAAXghtlbWFpbDI0LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBiHEPwAEAAAAAwAAAAAAAAAABiCG2VtYWlsMjUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwGYcQ/AAQAAAADAAAAAAAAAAAGYIbZW1haWwyNi4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAahxD8ABAAAAAMAAAAAAAAAAAaghtlbWFpbDI3LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBuHEPwAEAAAAAwAAAAAAAAAABuCG2VtYWlsMjguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwHIcQ/AAQAAAADAAAAAAAAAAAHIIbZW1haWwyOS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAdhxD8ABAAAAAMAAAAAAAAAAAdghtlbWFpbDMwLjEucXVpZXRmb3VudGFpbi5jb22HBMCosB6HEPwAEAAAAAwAAAAAAAAAAB6CG2VtYWlsMzEuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwH4cQ/AAQAAAADAAAAAAAAAAAH4IbZW1haWwzMi4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAghxD8ABAAAAAMAAAAAAAAAAAgghtlbWFpbDMzLjEucXVpZXRmb3VudGFpbi5jb22HBMCosCGHEPwAEAAAAAwAAAAAAAAAACGCG2VtYWlsMzQuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwIocQ/AAQAAAADAAAAAAAAAAAIoIbZW1haWwzNS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAjhxD8ABAAAAAMAAAAAAAAAAAjghtlbWFpbDM2LjEucXVpZXRmb3VudGFpbi5jb22HBMCosCSHEPwAEAAAAAwAAAAAAAAAACSCG2VtYWlsMzcuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwJYcQ/AAQAAAADAAAAAAAAAAAJYIbZW1haWwzOC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAmhxD8ABAAAAAMAAAAAAAAAAAmghtlbWFpbDM5LjEucXVpZXRmb3VudGFpbi5jb22HBMCosCeHEPwAEAAAAAwAAAAAAAAAACeCG2VtYWlsNDAuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwKIcQ/AAQAAAADAAAAAAAAAAAKIIbZW1haWw0MS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAphxD8ABAAAAAMAAAAAAAAAAApghtlbWFpbDQyLjEucXVpZXRmb3VudGFpbi5jb22HBMCosCqHEPwAEAAAAAwAAAAAAAAAACqCG2VtYWlsNDMuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwK4cQ/AAQAAAADAAAAAAAAAAAK4IbZW1haWw0NC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAshxD8ABAAAAAMAAAAAAAAAAAsghtlbWFpbDQ1LjEucXVpZXRmb3VudGFpbi5jb22HBMCosC2HEPwAEAAAAAwAAAAAAAAAAC2CG2VtYWlsNDYuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwLocQ/AAQAAAADAAAAAAAAAAALoIbZW1haWw0Ny4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAvhxD8ABAAAAAMAAAAAAAAAAAvghtlbWFpbDQ4LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDCHEPwAEAAAAAwAAAAAAAAAADCCG2VtYWlsNDkuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwMYcQ/AAQAAAADAAAAAAAAAAAMYIbZW1haWw1MC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAyhxD8ABAAAAAMAAAAAAAAAAAyghtlbWFpbDUxLjEucXVpZXRmb3VudGFpbi5jb22HBMCosDOHEPwAEAAAAAwAAAAAAAAAADOCG2VtYWlsNTIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwNIcQ/AAQAAAADAAAAAAAAAAANIIbZW1haWw1My4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA1hxD8ABAAAAAMAAAAAAAAAAA1ghtlbWFpbDU0LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDaHEPwAEAAAAAwAAAAAAAAAADaCG2VtYWlsNTUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwN4cQ/AAQAAAADAAAAAAAAAAAN4IbZW1haWw1Ni4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA4hxD8ABAAAAAMAAAAAAAAAAA4ghtlbWFpbDU3LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDmHEPwAEAAAAAwAAAAAAAAAADmCG2VtYWlsNTguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwOocQ/AAQAAAADAAAAAAAAAAAOoIbZW1haWw1OS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA7hxD8ABAAAAAMAAAAAAAAAAA7ggVlbWFpbDANBgkqhkiG9w0BAQsFAAOCAYEARmUPkIKBTl6NmIIlLcnb5onhttHK7p3ymPeulQUTsZMtG1s4a/Yf7Zq8QOuFv/jVA9/FBbjy8SM/ioUlBpay3q1VL7KQIa1t8jUEY36uIqyFRD0YIcCmIkTU6jQ5EYplXt1QGdSMfSDs7+CcuoipNtlV8VS/5YZXP/hBsg8x6xqHvV988dONj3ekUihd4F+SLa2PYlsyW8WO1pZ/q1Zxcy7ADExeSleeI4EqOPIukSeMRNAmpdkwOIminlQW1+oyUhZfHEEWrxFoKQDg0CSIJ6uQz4XpCnHydmgnkhYoT2CtuUV7MsJ7+S+Ziv/EVEVV15DQBGnV324lhuB1As/tiygTa4P/E/FCXM0uJLcIGoU+gkOIDwt9sQSvrFJ9sYT+3mllLUxkBVeWlvgR+0goTqtjvmO5HbRlXiJ7ml4sjjlHSy7mLCnT/JYM/JYeSkDlvQVG1DFq84MPgh0+ZsGuKU8DKmTlaJPjtHC7zwyQsVT+8FgCPQV8FZet3rqwETVL
  Subject: CN=email.1.quietfountain.com,O=1.QUIETFOUNTAIN.COM
  Subject DNS name: email.1.quietfountain.com,
email1.1.quietfountain.com, email2.1.quietfountain.com,
email3.1.quietfountain.com, email4.1.quietfountain.com,
email5.1.quietfountain.com,
                    email6.1.quietfountain.com,
email7.1.quietfountain.com, email8.1.quietfountain.com,
email9.1.quietfountain.com, email10.1.quietfountain.com,
email11.1.quietfountain.com,
                    email12.1.quietfountain.com,
email13.1.quietfountain.com, email14.1.quietfountain.com,
email15.1.quietfountain.com, email16.1.quietfountain.com,
email17.1.quietfountain.com,
                    email18.1.quietfountain.com,
email19.1.quietfountain.com, email20.1.quietfountain.com,
email21.1.quietfountain.com, email22.1.quietfountain.com,
email23.1.quietfountain.com,
                    email24.1.quietfountain.com,
email25.1.quietfountain.com, email26.1.quietfountain.com,
email27.1.quietfountain.com, email28.1.quietfountain.com,
email29.1.quietfountain.com,
                    email30.1.quietfountain.com,
email31.1.quietfountain.com, email32.1.quietfountain.com,
email33.1.quietfountain.com, email34.1.quietfountain.com,
email35.1.quietfountain.com,
                    email36.1.quietfountain.com,
email37.1.quietfountain.com, email38.1.quietfountain.com,
email39.1.quietfountain.com, email40.1.quietfountain.com,
email41.1.quietfountain.com,
                    email42.1.quietfountain.com,
email43.1.quietfountain.com, email44.1.quietfountain.com,
email45.1.quietfountain.com, email46.1.quietfountain.com,
email47.1.quietfountain.com,
                    email48.1.quietfountain.com,
email49.1.quietfountain.com, email50.1.quietfountain.com,
email51.1.quietfountain.com, email52.1.quietfountain.com,
email53.1.quietfountain.com,
                    email54.1.quietfountain.com,
email55.1.quietfountain.com, email56.1.quietfountain.com,
email57.1.quietfountain.com, email58.1.quietfountain.com,
email59.1.quietfountain.com, email
  Issuer: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM
  Not Before: Sun Aug 15 23:03:52 2021 UTC
  Not After: Wed Aug 16 23:03:52 2023 UTC
  Serial number: 2000
  Serial number (hex): 0x7D0
  Revoked: False
  Owner service: HTTP/email.1.quietfountain.com@1.QUIETFOUNTAIN.COM
[root@registry1 ca]# echo $?
0
[root@registry1 ca]#

>
>>
>> detail:
>>
>> [root@registry1 ~]# ipa cert-show 1
>>   Issuing CA: ipa
>>   Certificate:
>> MIIEozCCAwugAwIBAgIBATANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKDBMxLlFVSUVURk9VTlRBSU4uQ09NMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEwNjEzMTkwNjA1WhcNNDEwNjEzMTkwNjA1WjA+MRwwGgYDVQQKDBMxLlFVSUVURk9VTlRBSU4uQ09NMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDGSq+Nim03HfChgq4uLuYh9JRZcGZQO08iUNGJRzFkBKehS1sZwbXlACSYC32SbqyHBiRXE4VlLmMuKwNzp0/HgLojgA+Cfx6/Ta+eiGq0M7qX2y2rKoZOGtrWo23uYqx02Xs/UKBzZ8EHZFc9rqDsU7muvCDcuniTH6r3Nc6aJyJs9ksa66BkSsEu3KnmTTvvu8Vfl5Wu8ZQwwaEEpLNDagNrN3dICD6zr+ysm4nr6cJlU+884ayUGdgyQRQXI28z173b14M1JhUbFeLsLpTOYIXAn0eQa5uaSrIi7YF5FUH6fczwt7PACzyPy5c7W8ayYgosKZCWKdo456ingv2kNbDh8lX5qmaK8163b3nqnk6VkO11FtwGwQQzzkMDUEkIDOxqisjqDtgNzRWx3XC/F1zojZjVKCQ6sRM2G26fY+qRHxxhPzeWrh6TD3HJLvVDBpMFAONrLSJeXXmaj+zkob4uBv7X8TYdVO8xPKVC1p+t9OqhFoE5r9pXD5SaWGUCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBRdbkmF2QnMBkVl/2zHw1FyAEtvmzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUXW5JhdkJzAZFZf9sx8NRcgBLb5swRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNhLjEucXVpZXRmb3VudGFpbi5jb20vY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAq86t5DfFgXEKWTyOH0TgGIW2fVNVoeThc7emUx3P0wxkFK05grDlAW+sTbNe8aw4h8BowixIfDQ8hfwZVn7LIXqbOohNs0AMPaRc5XYOqU/ciG11YiI6jgEMhtC5fBlT3Ni4U7JQlikI7xcLlpWleSQTp+KX2sEFnASxHWkzlX0iWOwIZAr9CHpo06HH1yukfvosIsfRpdbpXPRcLaZ1pUlCUlviDEsI+HIkU/5N8Jja13BSguT5daCMywtFTwtzWgWSKtMC2AoH2y7+Dufu3/YDpR0WhdzJSS0ZztJULUJw6DGKO03EtuIvGVwoOqDSo10GYPxwF4HQHXQBNzed9tRKkpbBCNNx1L6hHbH+OutGNGDc9Dl9PWRHu3OP0ME5NdAq0rW6+Ibao+Dv5R3jxV8R0ky+08jyqMSVzzYYGz10y5DWFkyQfFO2daX6DBlWPRIf7hZJv4NW9Dd3KQZKIduZMGScvBKy1QaPu1WJVftNU5J6F67xiTUBxFXfM+hm
>>   Subject: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM
>>   Issuer: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM
>>   Not Before: Sun Jun 13 19:06:05 2021 UTC
>>   Not After: Thu Jun 13 19:06:05 2041 UTC
>>   Serial number: 1
>>   Serial number (hex): 0x1
>>   Revoked: False
>> [root@registry1 ~]# systemctl is-system-running
>> running
>> [root@registry1 ~]# 
>>
>>
>> notice /var/log/pki/pki-tomcat/ca/debug.2021-08-18.log
>>
>> ends with:
>>
>>
>> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] INFO:
>> DBVirtualList: dn: cn=2000,ou=certificateRepository,ou=ca,o=ipaca
>> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] SEVERE:
>> Operation Error - class netscape.ldap.LDAPException cannot be cast to
>> class netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> java.lang.ClassCastException: class netscape.ldap.LDAPException cannot
>> be cast to class netscape.ldap.LDAPEntry (netscape.ldap.LDAPException
>> and netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754)
>>         at
>> com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110)
>>         at
>> org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474)
>>         at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>>         at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>         at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>         at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>>         at jdk.internal.reflect.GeneratedMethodAccessor55.invoke(Unknown
>> Source)
>>         at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>         at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>         at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>>         at jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown
>> Source)
>>         at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>         at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:187)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>         at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>>         at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>>         at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
>>         at
>> com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
>>         at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>>         at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>>         at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
>>         at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>>         at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
>>         at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
>>         at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>>         at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
>>         at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
>>         at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>         at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>>         at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>>         at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>         at java.base/java.lang.Thread.run(Thread.java:829)
>>
>> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] SEVERE: Unable
>> to search for certificates: java.lang.ClassCastException: class
>> netscape.ldap.LDAPException cannot be cast to class
>> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> java.lang.RuntimeException: java.lang.ClassCastException: class
>> netscape.ldap.LDAPException cannot be cast to class
>> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:523)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754)
>>         at
>> com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110)
>>         at
>> org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474)
>>         at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>>         at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>         at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>         at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>>         at jdk.internal.reflect.GeneratedMethodAccessor55.invoke(Unknown
>> Source)
>>         at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>         at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>         at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>>         at jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown
>> Source)
>>         at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>         at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:187)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>>         at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>         at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>>         at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>>         at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
>>         at
>> com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
>>         at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>>         at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>>         at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
>>         at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>>         at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
>>         at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
>>         at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>>         at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
>>         at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
>>         at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>         at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>>         at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>>         at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>         at java.base/java.lang.Thread.run(Thread.java:829)
>> Caused by: java.lang.ClassCastException: class
>> netscape.ldap.LDAPException cannot be cast to class
>> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>>         at
>> com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477)
>>         ... 62 more
>>
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure