Martin Jackson via FreeIPA-users wrote: > I seem to be hitting this same issue on Fedora 39; I seem to currently > be unable to revoke any certifcate in my setup. freeipa-healthcheck > indicates no errors, nor does pki-healthcheck. > > From the logs: > > 2023-12-30 19:35:59 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-7] SEVERE: > Servlet.service() for servlet [Resteasy] in context with path [/ca] > threw exception > org.jboss.resteasy.spi.UnhandledException: > java.lang.NullPointerException: Cannot invoke "String.toLowerCase()" > because "<parameter1>" is null > > FreeIPA packages: > > freeipa-client-common-4.11.0-7.fc39.noarch > freeipa-server-common-4.11.0-7.fc39.noarch > freeipa-selinux-4.11.0-7.fc39.noarch > freeipa-common-4.11.0-7.fc39.noarch > freeipa-client-4.11.0-7.fc39.x86_64 > freeipa-server-4.11.0-7.fc39.x86_64 > freeipa-server-dns-4.11.0-7.fc39.noarch > freeipa-healthcheck-core-0.16-2.fc39.noarch > freeipa-healthcheck-0.16-2.fc39.noarch > > Dogtag packages: > > dogtag-pki-theme-11.4.3-2.fc39.1.noarch > dogtag-pki-javadoc-11.4.3-2.fc39.1.noarch > python3-dogtag-pki-11.4.3-2.fc39.1.noarch > dogtag-pki-base-11.4.3-2.fc39.1.noarch > pki-resteasy-jackson2-provider-3.0.26-27.fc39.noarch > pki-resteasy-core-3.0.26-27.fc39.noarch > pki-resteasy-servlet-initializer-3.0.26-27.fc39.noarch > pki-resteasy-client-3.0.26-27.fc39.noarch > pki-resteasy-3.0.26-27.fc39.noarch > dogtag-pki-java-11.4.3-2.fc39.1.noarch > dogtag-pki-tools-11.4.3-2.fc39.1.x86_64 > dogtag-pki-server-11.4.3-2.fc39.1.noarch > dogtag-pki-acme-11.4.3-2.fc39.1.noarch > dogtag-pki-ca-11.4.3-2.fc39.1.noarch > dogtag-pki-kra-11.4.3-2.fc39.1.noarch > dogtag-pki-est-11.4.3-2.fc39.1.noarch > dogtag-pki-ocsp-11.4.3-2.fc39.1.noarch > dogtag-pki-tks-11.4.3-2.fc39.1.noarch > dogtag-pki-tps-11.4.3-2.fc39.1.noarch > dogtag-pki-11.4.3-2.fc39.1.x86_64 > vi se > It has been a while since I tried revoking a cert; not sure how long > this has been the case.
I am unable to reproduce this will the same versions on Fedora 39. To see what is being sent you can create /etc/ipa/server.conf with contents: [global] debug=True Then restart httpd and try a revocation. Then look in /var/log/httpd/error_log and look for: POST https://ipa.example.test:443/ca/rest/agent/certs/<SERIAL>/revoke You will be able to see the data that is sent. For PKI 11.4.0+ it should look something like {"Reason":"Superseded"} You may want to consider disabling debug mode after testing as it can be rather chatty. rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue