Flo,
Yes, that's it exactly. Thanks. Paging the certificate list really ought to have been been lifted from other code, it's already standard in the DNS entry listings, for example.
To anyone:
In my case, it seems several hundred certificates were 'automatically' created and are of no use to anyone, never released, just taking up space. How can they best be deleted as if they never were?
Harry
On 8/19/21 10:02 AM, Florence Renaud wrote:
Hi,you may be hitting Bug 1959057 - An error has ocorred (IPA Error 4301:CertificateOperationError)
The error happens when there are more entries to return than the configured nsSizeLimit. The workaround is to raise the nsSizeLimit as described in the BZ but this may also degrade performances (please refer to Improving Search Performance through Resource Limits for more details)
flo
On Thu, Aug 19, 2021 at 12:31 AM Harry G. Coin via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
On 8/18/21 5:20 PM, Rob Crittenden wrote:
> Harry G. Coin via FreeIPA-users wrote:
>> What causes "IPA Error 4301: CertificateOperationError" / "Certificate
>> operation cannot be completed: Unable to communicate with CMS (500)"
>>
>> on latest fedora 34 freeipa, running on two hosts, master/master?
>>
>> Usually I'd expect 'ipa cert-show 1' to fail, but it works, and
>> 'systemctl' reports everything is running, and all the UI and other
>> functions appear to be normal (even dnssec !).
> Seems like it doesn't like something about cert serial number 2000. You
> can see if you get the same behavior with cert-show 2000 or cert-find on
> the cli.
>
> rob
Thanks Rob. Other than having a bunch of SAN entries, it works from the
command line:
[root@registry1 ca]# ipa cert-show 2000
Issuing CA: ipa
Certificate:
MIIRsTCCEBmgAwIBAgICB9AwDQYJKoZIhvcNAQELBQAwPjEcMBoGA1UECgwTMS5RVUlFVEZPVU5UQUlOLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIxMDgxNTIzMDM1MloXDTIzMDgxNjIzMDM1MlowQjEcMBoGA1UECgwTMS5RVUlFVEZPVU5UQUlOLkNPTTEiMCAGA1UEAwwZZW1haWwuMS5xdWlldGZvdW50YWluLmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKXYGmYtVHqENW8IUQVIuKKsQ8e64IfpqnWpDtxoav1fIrWmYm1XqL+ZYCgST9qAeKD0JIosxtzX9LRVY+BCqFsCrDIGCdNefog2e83vZ52zhTHJV1GxsBhXHppGyqAw7QK8ogi0nDRdQpEtpFR5QoZWf/YU0WQEBprnpkflbZhT6eF5LwL/5C0LfD6NVBxuPzu990XOsQwK0D9HXL25tvFfuk0O33RwMEQIDbTORuXD6ES5lbG1/50V2RCHBpe73rBnRPjzRF8b8zMWqv4/Rz4Xgrbjix+jnUmlhkV/lUQWfvvmj6zjYoo1YmiaXm3+8EbxOBGBMi0FLjEu3ZKgK1I1fbdW8b27ZtDxJvcawRJVfVFHzcTKk6OLeg+j4bcvHn7m9cBVjrSvN4amSFayf1gOaQT3R3NtGn8kuRezJaGCflVYycDCUhDZs7wZfGA9bP0OK2O5PZKeRcd0fy8IwnlBMc2n1MzHDWqp0Dl5W+EoJ4qw6/+9hZ4LYkDsKwu+UwIDAQABo4INszCCDa8wHwYDVR0jBBgwFoAUXW5JhdkJzAZFZf9sx8NRcgBLb5swRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNhLjEucXVpZXRmb3VudGFpbi5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMH4GA1UdHwR3MHUwc6A7oDmGN2h0dHA6Ly9pcGEtY2EuMS5xdWlldGZvdW50YWluLmNvbS9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFCx51ek7Vv2tczzH1FL5QtX3oeixMIIMdQYDVR0RBIIMbDCCDGiCGWVtYWlsLjEucXVpZXRmb3VudGFpbi5jb22HBKwQxwSHEPwAEAEAxwAAAAAAAAAAAASCGmVtYWlsMS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLABhxD8ABAAAAAMAAAAAAAAAAABghplbWFpbDIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwAocQ/AAQAAAADAAAAAAAAAAAAoIaZW1haWwzLjEucXVpZXRmb3VudGFpbi5jb22HBMCosAOHEPwAEAAAAAwAAAAAAAAAAAOCGmVtYWlsNC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAEhxD8ABAAAAAMAAAAAAAAAAAEghplbWFpbDUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwBYcQ/AAQAAAADAAAAAAAAAAABYIaZW1haWw2LjEucXVpZXRmb3VudGFpbi5jb22HBMCosAaHEPwAEAAAAAwAAAAAAAAAAAaCGmVtYWlsNy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAHhxD8ABAAAAAMAAAAAAAAAAAHghplbWFpbDguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwCIcQ/AAQAAAADAAAAAAAAAAACIIaZW1haWw5LjEucXVpZXRmb3VudGFpbi5jb22HBMCosAmHEPwAEAAAAAwAAAAAAAAAAAmCG2VtYWlsMTAuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwCocQ/AAQAAAADAAAAAAAAAAACoIbZW1haWwxMS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLALhxD8ABAAAAAMAAAAAAAAAAALghtlbWFpbDEyLjEucXVpZXRmb3VudGFpbi5jb22HBMCosAyHEPwAEAAAAAwAAAAAAAAAAAyCG2VtYWlsMTMuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwDYcQ/AAQAAAADAAAAAAAAAAADYIbZW1haWwxNC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAOhxD8ABAAAAAMAAAAAAAAAAAOghtlbWFpbDE1LjEucXVpZXRmb3VudGFpbi5jb22HBMCosA+HEPwAEAAAAAwAAAAAAAAAAA+CG2VtYWlsMTYuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwEIcQ/AAQAAAADAAAAAAAAAAAEIIbZW1haWwxNy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLARhxD8ABAAAAAMAAAAAAAAAAARghtlbWFpbDE4LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBKHEPwAEAAAAAwAAAAAAAAAABKCG2VtYWlsMTkuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwE4cQ/AAQAAAADAAAAAAAAAAAE4IbZW1haWwyMC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAUhxD8ABAAAAAMAAAAAAAAAAAUghtlbWFpbDIxLjEucXVpZXRmb3VudGFpbi5jb22HBMCosBWHEPwAEAAAAAwAAAAAAAAAABWCG2VtYWlsMjIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwFocQ/AAQAAAADAAAAAAAAAAAFoIbZW1haWwyMy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAXhxD8ABAAAAAMAAAAAAAAAAAXghtlbWFpbDI0LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBiHEPwAEAAAAAwAAAAAAAAAABiCG2VtYWlsMjUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwGYcQ/AAQAAAADAAAAAAAAAAAGYIbZW1haWwyNi4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAahxD8ABAAAAAMAAAAAAAAAAAaghtlbWFpbDI3LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBuHEPwAEAAAAAwAAAAAAAAAABuCG2VtYWlsMjguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwHIcQ/AAQAAAADAAAAAAAAAAAHIIbZW1haWwyOS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAdhxD8ABAAAAAMAAAAAAAAAAAdghtlbWFpbDMwLjEucXVpZXRmb3VudGFpbi5jb22HBMCosB6HEPwAEAAAAAwAAAAAAAAAAB6CG2VtYWlsMzEuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwH4cQ/AAQAAAADAAAAAAAAAAAH4IbZW1haWwzMi4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAghxD8ABAAAAAMAAAAAAAAAAAgghtlbWFpbDMzLjEucXVpZXRmb3VudGFpbi5jb22HBMCosCGHEPwAEAAAAAwAAAAAAAAAACGCG2VtYWlsMzQuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwIocQ/AAQAAAADAAAAAAAAAAAIoIbZW1haWwzNS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAjhxD8ABAAAAAMAAAAAAAAAAAjghtlbWFpbDM2LjEucXVpZXRmb3VudGFpbi5jb22HBMCosCSHEPwAEAAAAAwAAAAAAAAAACSCG2VtYWlsMzcuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwJYcQ/AAQAAAADAAAAAAAAAAAJYIbZW1haWwzOC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAmhxD8ABAAAAAMAAAAAAAAAAAmghtlbWFpbDM5LjEucXVpZXRmb3VudGFpbi5jb22HBMCosCeHEPwAEAAAAAwAAAAAAAAAACeCG2VtYWlsNDAuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwKIcQ/AAQAAAADAAAAAAAAAAAKIIbZW1haWw0MS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAphxD8ABAAAAAMAAAAAAAAAAApghtlbWFpbDQyLjEucXVpZXRmb3VudGFpbi5jb22HBMCosCqHEPwAEAAAAAwAAAAAAAAAACqCG2VtYWlsNDMuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwK4cQ/AAQAAAADAAAAAAAAAAAK4IbZW1haWw0NC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAshxD8ABAAAAAMAAAAAAAAAAAsghtlbWFpbDQ1LjEucXVpZXRmb3VudGFpbi5jb22HBMCosC2HEPwAEAAAAAwAAAAAAAAAAC2CG2VtYWlsNDYuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwLocQ/AAQAAAADAAAAAAAAAAALoIbZW1haWw0Ny4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAvhxD8ABAAAAAMAAAAAAAAAAAvghtlbWFpbDQ4LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDCHEPwAEAAAAAwAAAAAAAAAADCCG2VtYWlsNDkuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwMYcQ/AAQAAAADAAAAAAAAAAAMYIbZW1haWw1MC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAyhxD8ABAAAAAMAAAAAAAAAAAyghtlbWFpbDUxLjEucXVpZXRmb3VudGFpbi5jb22HBMCosDOHEPwAEAAAAAwAAAAAAAAAADOCG2VtYWlsNTIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwNIcQ/AAQAAAADAAAAAAAAAAANIIbZW1haWw1My4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA1hxD8ABAAAAAMAAAAAAAAAAA1ghtlbWFpbDU0LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDaHEPwAEAAAAAwAAAAAAAAAADaCG2VtYWlsNTUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwN4cQ/AAQAAAADAAAAAAAAAAAN4IbZW1haWw1Ni4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA4hxD8ABAAAAAMAAAAAAAAAAA4ghtlbWFpbDU3LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDmHEPwAEAAAAAwAAAAAAAAAADmCG2VtYWlsNTguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwOocQ/AAQAAAADAAAAAAAAAAAOoIbZW1haWw1OS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA7hxD8ABAAAAAMAAAAAAAAAAA7ggVlbWFpbDANBgkqhkiG9w0BAQsFAAOCAYEARmUPkIKBTl6NmIIlLcnb5onhttHK7p3ymPeulQUTsZMtG1s4a/Yf7Zq8QOuFv/jVA9/FBbjy8SM/ioUlBpay3q1VL7KQIa1t8jUEY36uIqyFRD0YIcCmIkTU6jQ5EYplXt1QGdSMfSDs7+CcuoipNtlV8VS/5YZXP/hBsg8x6xqHvV988dONj3ekUihd4F+SLa2PYlsyW8WO1pZ/q1Zxcy7ADExeSleeI4EqOPIukSeMRNAmpdkwOIminlQW1+oyUhZfHEEWrxFoKQDg0CSIJ6uQz4XpCnHydmgnkhYoT2CtuUV7MsJ7+S+Ziv/EVEVV15DQBGnV324lhuB1As/tiygTa4P/E/FCXM0uJLcIGoU+gkOIDwt9sQSvrFJ9sYT+3mllLUxkBVeWlvgR+0goTqtjvmO5HbRlXiJ7ml4sjjlHSy7mLCnT/JYM/JYeSkDlvQVG1DFq84MPgh0+ZsGuKU8DKmTlaJPjtHC7zwyQsVT+8FgCPQV8FZet3rqwETVL
Subject: CN=email.1.quietfountain.com,O=1.QUIETFOUNTAIN.COM
Subject DNS name: email.1.quietfountain.com,
email1.1.quietfountain.com, email2.1.quietfountain.com,
email3.1.quietfountain.com, email4.1.quietfountain.com,
email5.1.quietfountain.com,
email6.1.quietfountain.com,
email7.1.quietfountain.com, email8.1.quietfountain.com,
email9.1.quietfountain.com, email10.1.quietfountain.com,
email11.1.quietfountain.com,
email12.1.quietfountain.com,
email13.1.quietfountain.com, email14.1.quietfountain.com,
email15.1.quietfountain.com, email16.1.quietfountain.com,
email17.1.quietfountain.com,
email18.1.quietfountain.com,
email19.1.quietfountain.com, email20.1.quietfountain.com,
email21.1.quietfountain.com, email22.1.quietfountain.com,
email23.1.quietfountain.com,
email24.1.quietfountain.com,
email25.1.quietfountain.com, email26.1.quietfountain.com,
email27.1.quietfountain.com, email28.1.quietfountain.com,
email29.1.quietfountain.com,
email30.1.quietfountain.com,
email31.1.quietfountain.com, email32.1.quietfountain.com,
email33.1.quietfountain.com, email34.1.quietfountain.com,
email35.1.quietfountain.com,
email36.1.quietfountain.com,
email37.1.quietfountain.com, email38.1.quietfountain.com,
email39.1.quietfountain.com, email40.1.quietfountain.com,
email41.1.quietfountain.com,
email42.1.quietfountain.com,
email43.1.quietfountain.com, email44.1.quietfountain.com,
email45.1.quietfountain.com, email46.1.quietfountain.com,
email47.1.quietfountain.com,
email48.1.quietfountain.com,
email49.1.quietfountain.com, email50.1.quietfountain.com,
email51.1.quietfountain.com, email52.1.quietfountain.com,
email53.1.quietfountain.com,
email54.1.quietfountain.com,
email55.1.quietfountain.com, email56.1.quietfountain.com,
email57.1.quietfountain.com, email58.1.quietfountain.com,
email59.1.quietfountain.com, email
Issuer: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM
Not Before: Sun Aug 15 23:03:52 2021 UTC
Not After: Wed Aug 16 23:03:52 2023 UTC
Serial number: 2000
Serial number (hex): 0x7D0
Revoked: False
Owner service: HTTP/email.1.quietfountain.com@1.QUIETFOUNTAIN.COM
[root@registry1 ca]# echo $?
0
[root@registry1 ca]#
>
>>
>> detail:
>>
>> [root@registry1 ~]# ipa cert-show 1
>> Issuing CA: ipa
>> Certificate:
>> MIIEozCCAwugAwIBAgIBATANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKDBMxLlFVSUVURk9VTlRBSU4uQ09NMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEwNjEzMTkwNjA1WhcNNDEwNjEzMTkwNjA1WjA+MRwwGgYDVQQKDBMxLlFVSUVURk9VTlRBSU4uQ09NMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDGSq+Nim03HfChgq4uLuYh9JRZcGZQO08iUNGJRzFkBKehS1sZwbXlACSYC32SbqyHBiRXE4VlLmMuKwNzp0/HgLojgA+Cfx6/Ta+eiGq0M7qX2y2rKoZOGtrWo23uYqx02Xs/UKBzZ8EHZFc9rqDsU7muvCDcuniTH6r3Nc6aJyJs9ksa66BkSsEu3KnmTTvvu8Vfl5Wu8ZQwwaEEpLNDagNrN3dICD6zr+ysm4nr6cJlU+884ayUGdgyQRQXI28z173b14M1JhUbFeLsLpTOYIXAn0eQa5uaSrIi7YF5FUH6fczwt7PACzyPy5c7W8ayYgosKZCWKdo456ingv2kNbDh8lX5qmaK8163b3nqnk6VkO11FtwGwQQzzkMDUEkIDOxqisjqDtgNzRWx3XC/F1zojZjVKCQ6sRM2G26fY+qRHxxhPzeWrh6TD3HJLvVDBpMFAONrLSJeXXmaj+zkob4uBv7X8TYdVO8xPKVC1p+t9OqhFoE5r9pXD5SaWGUCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBRdbkmF2QnMBkVl/2zHw1FyAEtvmzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUXW5JhdkJzAZFZf9sx8NRcgBLb5swRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNhLjEucXVpZXRmb3VudGFpbi5jb20vY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAq86t5DfFgXEKWTyOH0TgGIW2fVNVoeThc7emUx3P0wxkFK05grDlAW+sTbNe8aw4h8BowixIfDQ8hfwZVn7LIXqbOohNs0AMPaRc5XYOqU/ciG11YiI6jgEMhtC5fBlT3Ni4U7JQlikI7xcLlpWleSQTp+KX2sEFnASxHWkzlX0iWOwIZAr9CHpo06HH1yukfvosIsfRpdbpXPRcLaZ1pUlCUlviDEsI+HIkU/5N8Jja13BSguT5daCMywtFTwtzWgWSKtMC2AoH2y7+Dufu3/YDpR0WhdzJSS0ZztJULUJw6DGKO03EtuIvGVwoOqDSo10GYPxwF4HQHXQBNzed9tRKkpbBCNNx1L6hHbH+OutGNGDc9Dl9PWRHu3OP0ME5NdAq0rW6+Ibao+Dv5R3jxV8R0ky+08jyqMSVzzYYGz10y5DWFkyQfFO2daX6DBlWPRIf7hZJv4NW9Dd3KQZKIduZMGScvBKy1QaPu1WJVftNU5J6F67xiTUBxFXfM+hm
>> Subject: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM
>> Issuer: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM
>> Not Before: Sun Jun 13 19:06:05 2021 UTC
>> Not After: Thu Jun 13 19:06:05 2041 UTC
>> Serial number: 1
>> Serial number (hex): 0x1
>> Revoked: False
>> [root@registry1 ~]# systemctl is-system-running
>> running
>> [root@registry1 ~]#
>>
>>
>> notice /var/log/pki/pki-tomcat/ca/debug.2021-08-18.log
>>
>> ends with:
>>
>>
>> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] INFO:
>> DBVirtualList: dn: cn=2000,ou=certificateRepository,ou=ca,o=ipaca
>> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] SEVERE:
>> Operation Error - class netscape.ldap.LDAPException cannot be cast to
>> class netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> java.lang.ClassCastException: class netscape.ldap.LDAPException cannot
>> be cast to class netscape.ldap.LDAPEntry (netscape.ldap.LDAPException
>> and netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754)
>> at
>> com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110)
>> at
>> org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
>> at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>> at jdk.internal.reflect.GeneratedMethodAccessor55.invoke(Unknown
>> Source)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>> at jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown
>> Source)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:187)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
>> at
>> com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
>> at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>> at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
>> at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>> at java.base/java.lang.Thread.run(Thread.java:829)
>>
>> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] SEVERE: Unable
>> to search for certificates: java.lang.ClassCastException: class
>> netscape.ldap.LDAPException cannot be cast to class
>> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> java.lang.RuntimeException: java.lang.ClassCastException: class
>> netscape.ldap.LDAPException cannot be cast to class
>> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:523)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754)
>> at
>> com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110)
>> at
>> org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
>> at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>> at jdk.internal.reflect.GeneratedMethodAccessor55.invoke(Unknown
>> Source)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>> at jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown
>> Source)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:187)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
>> at
>> com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
>> at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>> at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
>> at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>> at java.base/java.lang.Thread.run(Thread.java:829)
>> Caused by: java.lang.ClassCastException: class
>> netscape.ldap.LDAPException cannot be cast to class
>> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and
>> netscape.ldap.LDAPEntry are in unnamed module of loader
>> java.net.URLClassLoader @5fcfe4b2)
>> at
>> com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477)
>> ... 62 more
>>
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure