Ack. Will try this - thanks for the reply!
> On Jan 2, 2024, at 10:39 AM, Rob Crittenden <[email protected]> wrote: > > Martin Jackson via FreeIPA-users wrote: >> I seem to be hitting this same issue on Fedora 39; I seem to currently >> be unable to revoke any certifcate in my setup. freeipa-healthcheck >> indicates no errors, nor does pki-healthcheck. >> >> From the logs: >> >> 2023-12-30 19:35:59 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-7] SEVERE: >> Servlet.service() for servlet [Resteasy] in context with path [/ca] >> threw exception >> org.jboss.resteasy.spi.UnhandledException: >> java.lang.NullPointerException: Cannot invoke "String.toLowerCase()" >> because "<parameter1>" is null >> >> FreeIPA packages: >> >> freeipa-client-common-4.11.0-7.fc39.noarch >> freeipa-server-common-4.11.0-7.fc39.noarch >> freeipa-selinux-4.11.0-7.fc39.noarch >> freeipa-common-4.11.0-7.fc39.noarch >> freeipa-client-4.11.0-7.fc39.x86_64 >> freeipa-server-4.11.0-7.fc39.x86_64 >> freeipa-server-dns-4.11.0-7.fc39.noarch >> freeipa-healthcheck-core-0.16-2.fc39.noarch >> freeipa-healthcheck-0.16-2.fc39.noarch >> >> Dogtag packages: >> >> dogtag-pki-theme-11.4.3-2.fc39.1.noarch >> dogtag-pki-javadoc-11.4.3-2.fc39.1.noarch >> python3-dogtag-pki-11.4.3-2.fc39.1.noarch >> dogtag-pki-base-11.4.3-2.fc39.1.noarch >> pki-resteasy-jackson2-provider-3.0.26-27.fc39.noarch >> pki-resteasy-core-3.0.26-27.fc39.noarch >> pki-resteasy-servlet-initializer-3.0.26-27.fc39.noarch >> pki-resteasy-client-3.0.26-27.fc39.noarch >> pki-resteasy-3.0.26-27.fc39.noarch >> dogtag-pki-java-11.4.3-2.fc39.1.noarch >> dogtag-pki-tools-11.4.3-2.fc39.1.x86_64 >> dogtag-pki-server-11.4.3-2.fc39.1.noarch >> dogtag-pki-acme-11.4.3-2.fc39.1.noarch >> dogtag-pki-ca-11.4.3-2.fc39.1.noarch >> dogtag-pki-kra-11.4.3-2.fc39.1.noarch >> dogtag-pki-est-11.4.3-2.fc39.1.noarch >> dogtag-pki-ocsp-11.4.3-2.fc39.1.noarch >> dogtag-pki-tks-11.4.3-2.fc39.1.noarch >> dogtag-pki-tps-11.4.3-2.fc39.1.noarch >> dogtag-pki-11.4.3-2.fc39.1.x86_64 >> vi se >> It has been a while since I tried revoking a cert; not sure how long >> this has been the case. > > I am unable to reproduce this will the same versions on Fedora 39. > > To see what is being sent you can create /etc/ipa/server.conf with contents: > > [global] > debug=True > > Then restart httpd and try a revocation. > > Then look in /var/log/httpd/error_log and look for: > > POST https://ipa.example.test:443/ca/rest/agent/certs/<SERIAL>/revoke > > You will be able to see the data that is sent. For PKI 11.4.0+ it should > look something like {"Reason":"Superseded"} > > You may want to consider disabling debug mode after testing as it can be > rather chatty. > > rob > -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
