Flo, Yes, that's it exactly. Thanks. Paging the certificate list really ought to have been been lifted from other code, it's already standard in the DNS entry listings, for example.
To anyone: In my case, it seems several hundred certificates were 'automatically' created and are of no use to anyone, never released, just taking up space. How can they best be deleted as if they never were? Harry On 8/19/21 10:02 AM, Florence Renaud wrote: > Hi, > you may be hitting *Bug 1959057* > <https://bugzilla.redhat.com/show_bug.cgi?id=1959057> - An error has > ocorred (IPA Error 4301:CertificateOperationError) > > The error happens when there are more entries to return than the > configured nsSizeLimit. The workaround is to raise the nsSizeLimit as > described in the BZ but this may also degrade performances (please > refer to Improving Search Performance through Resource Limits > <https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/ldapsearch-ex-complex-range> > for more details) > > flo > > On Thu, Aug 19, 2021 at 12:31 AM Harry G. Coin via FreeIPA-users > <[email protected] > <mailto:[email protected]>> wrote: > > > On 8/18/21 5:20 PM, Rob Crittenden wrote: > > Harry G. Coin via FreeIPA-users wrote: > >> What causes "IPA Error 4301: CertificateOperationError" / > "Certificate > >> operation cannot be completed: Unable to communicate with CMS > (500)" > >> > >> on latest fedora 34 freeipa, running on two hosts, master/master? > >> > >> Usually I'd expect 'ipa cert-show 1' to fail, but it works, and > >> 'systemctl' reports everything is running, and all the UI and other > >> functions appear to be normal (even dnssec !). > > Seems like it doesn't like something about cert serial number > 2000. You > > can see if you get the same behavior with cert-show 2000 or > cert-find on > > the cli. > > > > rob > > > Thanks Rob. Other than having a bunch of SAN entries, it works > from the > command line: > > [root@registry1 ca]# ipa cert-show 2000 > Issuing CA: ipa > Certificate: > > MIIRsTCCEBmgAwIBAgICB9AwDQYJKoZIhvcNAQELBQAwPjEcMBoGA1UECgwTMS5RVUlFVEZPVU5UQUlOLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIxMDgxNTIzMDM1MloXDTIzMDgxNjIzMDM1MlowQjEcMBoGA1UECgwTMS5RVUlFVEZPVU5UQUlOLkNPTTEiMCAGA1UEAwwZZW1haWwuMS5xdWlldGZvdW50YWluLmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKXYGmYtVHqENW8IUQVIuKKsQ8e64IfpqnWpDtxoav1fIrWmYm1XqL+ZYCgST9qAeKD0JIosxtzX9LRVY+BCqFsCrDIGCdNefog2e83vZ52zhTHJV1GxsBhXHppGyqAw7QK8ogi0nDRdQpEtpFR5QoZWf/YU0WQEBprnpkflbZhT6eF5LwL/5C0LfD6NVBxuPzu990XOsQwK0D9HXL25tvFfuk0O33RwMEQIDbTORuXD6ES5lbG1/50V2RCHBpe73rBnRPjzRF8b8zMWqv4/Rz4Xgrbjix+jnUmlhkV/lUQWfvvmj6zjYoo1YmiaXm3+8EbxOBGBMi0FLjEu3ZKgK1I1fbdW8b27ZtDxJvcawRJVfVFHzcTKk6OLeg+j4bcvHn7m9cBVjrSvN4amSFayf1gOaQT3R3NtGn8kuRezJaGCflVYycDCUhDZs7wZfGA9bP0OK2O5PZKeRcd0fy8IwnlBMc2n1MzHDWqp0Dl5W+EoJ4qw6/+9hZ4LYkDsKwu+UwIDAQABo4INszCCDa8wHwYDVR0jBBgwFoAUXW5JhdkJzAZFZf9sx8NRcgBLb5swRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNhLjEucXVpZXRmb3VudGFpbi5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMH4GA1UdHwR3MHUwc6A7oDmGN2h0dHA6Ly9pcGEtY2EuMS5xdWlldGZvdW50YWluLmNvbS9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFCx51ek7Vv2tczzH1FL5QtX3oeixMIIMdQYDVR0RBIIMbDCCDGiCGWVtYWlsLjEucXVpZXRmb3VudGFpbi5jb22HBKwQxwSHEPwAEAEAxwAAAAAAAAAAAASCGmVtYWlsMS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLABhxD8ABAAAAAMAAAAAAAAAAABghplbWFpbDIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwAocQ/AAQAAAADAAAAAAAAAAAAoIaZW1haWwzLjEucXVpZXRmb3VudGFpbi5jb22HBMCosAOHEPwAEAAAAAwAAAAAAAAAAAOCGmVtYWlsNC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAEhxD8ABAAAAAMAAAAAAAAAAAEghplbWFpbDUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwBYcQ/AAQAAAADAAAAAAAAAAABYIaZW1haWw2LjEucXVpZXRmb3VudGFpbi5jb22HBMCosAaHEPwAEAAAAAwAAAAAAAAAAAaCGmVtYWlsNy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAHhxD8ABAAAAAMAAAAAAAAAAAHghplbWFpbDguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwCIcQ/AAQAAAADAAAAAAAAAAACIIaZW1haWw5LjEucXVpZXRmb3VudGFpbi5jb22HBMCosAmHEPwAEAAAAAwAAAAAAAAAAAmCG2VtYWlsMTAuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwCocQ/AAQAAAADAAAAAAAAAAACoIbZW1haWwxMS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLALhxD8ABAAAAAMAAAAAAAAAAALghtlbWFpbDEyLjEucXVpZXRmb3VudGFpbi5jb22HBMCosAyHEPwAEAAAAAwAAAAAAAAAAAyCG2VtYWlsMTMuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwDYcQ/AAQAAAADAAAAAAAAAAADYIbZW1haWwxNC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAOhxD8ABAAAAAMAAAAAAAAAAAOghtlbWFpbDE1LjEucXVpZXRmb3VudGFpbi5jb22HBMCosA+HEPwAEAAAAAwAAAAAAAAAAA+CG2VtYWlsMTYuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwEIcQ/AAQAAAADAAAAAAAAAAAEIIbZW1haWwxNy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLARhxD8ABAAAAAMAAAAAAAAAAARghtlbWFpbDE4LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBKHEPwAEAAAAAwAAAAAAAAAABKCG2VtYWlsMTkuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwE4cQ/AAQAAAADAAAAAAAAAAAE4IbZW1haWwyMC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAUhxD8ABAAAAAMAAAAAAAAAAAUghtlbWFpbDIxLjEucXVpZXRmb3VudGFpbi5jb22HBMCosBWHEPwAEAAAAAwAAAAAAAAAABWCG2VtYWlsMjIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwFocQ/AAQAAAADAAAAAAAAAAAFoIbZW1haWwyMy4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAXhxD8ABAAAAAMAAAAAAAAAAAXghtlbWFpbDI0LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBiHEPwAEAAAAAwAAAAAAAAAABiCG2VtYWlsMjUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwGYcQ/AAQAAAADAAAAAAAAAAAGYIbZW1haWwyNi4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAahxD8ABAAAAAMAAAAAAAAAAAaghtlbWFpbDI3LjEucXVpZXRmb3VudGFpbi5jb22HBMCosBuHEPwAEAAAAAwAAAAAAAAAABuCG2VtYWlsMjguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwHIcQ/AAQAAAADAAAAAAAAAAAHIIbZW1haWwyOS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAdhxD8ABAAAAAMAAAAAAAAAAAdghtlbWFpbDMwLjEucXVpZXRmb3VudGFpbi5jb22HBMCosB6HEPwAEAAAAAwAAAAAAAAAAB6CG2VtYWlsMzEuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwH4cQ/AAQAAAADAAAAAAAAAAAH4IbZW1haWwzMi4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAghxD8ABAAAAAMAAAAAAAAAAAgghtlbWFpbDMzLjEucXVpZXRmb3VudGFpbi5jb22HBMCosCGHEPwAEAAAAAwAAAAAAAAAACGCG2VtYWlsMzQuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwIocQ/AAQAAAADAAAAAAAAAAAIoIbZW1haWwzNS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAjhxD8ABAAAAAMAAAAAAAAAAAjghtlbWFpbDM2LjEucXVpZXRmb3VudGFpbi5jb22HBMCosCSHEPwAEAAAAAwAAAAAAAAAACSCG2VtYWlsMzcuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwJYcQ/AAQAAAADAAAAAAAAAAAJYIbZW1haWwzOC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAmhxD8ABAAAAAMAAAAAAAAAAAmghtlbWFpbDM5LjEucXVpZXRmb3VudGFpbi5jb22HBMCosCeHEPwAEAAAAAwAAAAAAAAAACeCG2VtYWlsNDAuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwKIcQ/AAQAAAADAAAAAAAAAAAKIIbZW1haWw0MS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAphxD8ABAAAAAMAAAAAAAAAAApghtlbWFpbDQyLjEucXVpZXRmb3VudGFpbi5jb22HBMCosCqHEPwAEAAAAAwAAAAAAAAAACqCG2VtYWlsNDMuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwK4cQ/AAQAAAADAAAAAAAAAAAK4IbZW1haWw0NC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAshxD8ABAAAAAMAAAAAAAAAAAsghtlbWFpbDQ1LjEucXVpZXRmb3VudGFpbi5jb22HBMCosC2HEPwAEAAAAAwAAAAAAAAAAC2CG2VtYWlsNDYuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwLocQ/AAQAAAADAAAAAAAAAAALoIbZW1haWw0Ny4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAvhxD8ABAAAAAMAAAAAAAAAAAvghtlbWFpbDQ4LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDCHEPwAEAAAAAwAAAAAAAAAADCCG2VtYWlsNDkuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwMYcQ/AAQAAAADAAAAAAAAAAAMYIbZW1haWw1MC4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLAyhxD8ABAAAAAMAAAAAAAAAAAyghtlbWFpbDUxLjEucXVpZXRmb3VudGFpbi5jb22HBMCosDOHEPwAEAAAAAwAAAAAAAAAADOCG2VtYWlsNTIuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwNIcQ/AAQAAAADAAAAAAAAAAANIIbZW1haWw1My4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA1hxD8ABAAAAAMAAAAAAAAAAA1ghtlbWFpbDU0LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDaHEPwAEAAAAAwAAAAAAAAAADaCG2VtYWlsNTUuMS5xdWlldGZvdW50YWluLmNvbYcEwKiwN4cQ/AAQAAAADAAAAAAAAAAAN4IbZW1haWw1Ni4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA4hxD8ABAAAAAMAAAAAAAAAAA4ghtlbWFpbDU3LjEucXVpZXRmb3VudGFpbi5jb22HBMCosDmHEPwAEAAAAAwAAAAAAAAAADmCG2VtYWlsNTguMS5xdWlldGZvdW50YWluLmNvbYcEwKiwOocQ/AAQAAAADAAAAAAAAAAAOoIbZW1haWw1OS4xLnF1aWV0Zm91bnRhaW4uY29thwTAqLA7hxD8ABAAAAAMAAAAAAAAAAA7ggVlbWFpbDANBgkqhkiG9w0BAQsFAAOCAYEARmUPkIKBTl6NmIIlLcnb5onhttHK7p3ymPeulQUTsZMtG1s4a/Yf7Zq8QOuFv/jVA9/FBbjy8SM/ioUlBpay3q1VL7KQIa1t8jUEY36uIqyFRD0YIcCmIkTU6jQ5EYplXt1QGdSMfSDs7+CcuoipNtlV8VS/5YZXP/hBsg8x6xqHvV988dONj3ekUihd4F+SLa2PYlsyW8WO1pZ/q1Zxcy7ADExeSleeI4EqOPIukSeMRNAmpdkwOIminlQW1+oyUhZfHEEWrxFoKQDg0CSIJ6uQz4XpCnHydmgnkhYoT2CtuUV7MsJ7+S+Ziv/EVEVV15DQBGnV324lhuB1As/tiygTa4P/E/FCXM0uJLcIGoU+gkOIDwt9sQSvrFJ9sYT+3mllLUxkBVeWlvgR+0goTqtjvmO5HbRlXiJ7ml4sjjlHSy7mLCnT/JYM/JYeSkDlvQVG1DFq84MPgh0+ZsGuKU8DKmTlaJPjtHC7zwyQsVT+8FgCPQV8FZet3rqwETVL > Subject: CN=email.1.quietfountain.com > <http://email.1.quietfountain.com>,O=1.QUIETFOUNTAIN.COM > <http://1.QUIETFOUNTAIN.COM> > Subject DNS name: email.1.quietfountain.com > <http://email.1.quietfountain.com>, > email1.1.quietfountain.com <http://email1.1.quietfountain.com>, > email2.1.quietfountain.com <http://email2.1.quietfountain.com>, > email3.1.quietfountain.com <http://email3.1.quietfountain.com>, > email4.1.quietfountain.com <http://email4.1.quietfountain.com>, > email5.1.quietfountain.com <http://email5.1.quietfountain.com>, > email6.1.quietfountain.com > <http://email6.1.quietfountain.com>, > email7.1.quietfountain.com <http://email7.1.quietfountain.com>, > email8.1.quietfountain.com <http://email8.1.quietfountain.com>, > email9.1.quietfountain.com <http://email9.1.quietfountain.com>, > email10.1.quietfountain.com <http://email10.1.quietfountain.com>, > email11.1.quietfountain.com <http://email11.1.quietfountain.com>, > email12.1.quietfountain.com > <http://email12.1.quietfountain.com>, > email13.1.quietfountain.com <http://email13.1.quietfountain.com>, > email14.1.quietfountain.com <http://email14.1.quietfountain.com>, > email15.1.quietfountain.com <http://email15.1.quietfountain.com>, > email16.1.quietfountain.com <http://email16.1.quietfountain.com>, > email17.1.quietfountain.com <http://email17.1.quietfountain.com>, > email18.1.quietfountain.com > <http://email18.1.quietfountain.com>, > email19.1.quietfountain.com <http://email19.1.quietfountain.com>, > email20.1.quietfountain.com <http://email20.1.quietfountain.com>, > email21.1.quietfountain.com <http://email21.1.quietfountain.com>, > email22.1.quietfountain.com <http://email22.1.quietfountain.com>, > email23.1.quietfountain.com <http://email23.1.quietfountain.com>, > email24.1.quietfountain.com > <http://email24.1.quietfountain.com>, > email25.1.quietfountain.com <http://email25.1.quietfountain.com>, > email26.1.quietfountain.com <http://email26.1.quietfountain.com>, > email27.1.quietfountain.com <http://email27.1.quietfountain.com>, > email28.1.quietfountain.com <http://email28.1.quietfountain.com>, > email29.1.quietfountain.com <http://email29.1.quietfountain.com>, > email30.1.quietfountain.com > <http://email30.1.quietfountain.com>, > email31.1.quietfountain.com <http://email31.1.quietfountain.com>, > email32.1.quietfountain.com <http://email32.1.quietfountain.com>, > email33.1.quietfountain.com <http://email33.1.quietfountain.com>, > email34.1.quietfountain.com <http://email34.1.quietfountain.com>, > email35.1.quietfountain.com <http://email35.1.quietfountain.com>, > email36.1.quietfountain.com > <http://email36.1.quietfountain.com>, > email37.1.quietfountain.com <http://email37.1.quietfountain.com>, > email38.1.quietfountain.com <http://email38.1.quietfountain.com>, > email39.1.quietfountain.com <http://email39.1.quietfountain.com>, > email40.1.quietfountain.com <http://email40.1.quietfountain.com>, > email41.1.quietfountain.com <http://email41.1.quietfountain.com>, > email42.1.quietfountain.com > <http://email42.1.quietfountain.com>, > email43.1.quietfountain.com <http://email43.1.quietfountain.com>, > email44.1.quietfountain.com <http://email44.1.quietfountain.com>, > email45.1.quietfountain.com <http://email45.1.quietfountain.com>, > email46.1.quietfountain.com <http://email46.1.quietfountain.com>, > email47.1.quietfountain.com <http://email47.1.quietfountain.com>, > email48.1.quietfountain.com > <http://email48.1.quietfountain.com>, > email49.1.quietfountain.com <http://email49.1.quietfountain.com>, > email50.1.quietfountain.com <http://email50.1.quietfountain.com>, > email51.1.quietfountain.com <http://email51.1.quietfountain.com>, > email52.1.quietfountain.com <http://email52.1.quietfountain.com>, > email53.1.quietfountain.com <http://email53.1.quietfountain.com>, > email54.1.quietfountain.com > <http://email54.1.quietfountain.com>, > email55.1.quietfountain.com <http://email55.1.quietfountain.com>, > email56.1.quietfountain.com <http://email56.1.quietfountain.com>, > email57.1.quietfountain.com <http://email57.1.quietfountain.com>, > email58.1.quietfountain.com <http://email58.1.quietfountain.com>, > email59.1.quietfountain.com <http://email59.1.quietfountain.com>, > email > Issuer: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM > <http://1.QUIETFOUNTAIN.COM> > Not Before: Sun Aug 15 23:03:52 2021 UTC > Not After: Wed Aug 16 23:03:52 2023 UTC > Serial number: 2000 > Serial number (hex): 0x7D0 > Revoked: False > Owner service: > HTTP/[email protected] > <mailto:[email protected]> > [root@registry1 ca]# echo $? > 0 > [root@registry1 ca]# > > > > >> > >> detail: > >> > >> [root@registry1 ~]# ipa cert-show 1 > >> Issuing CA: ipa > >> Certificate: > >> > > MIIEozCCAwugAwIBAgIBATANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKDBMxLlFVSUVURk9VTlRBSU4uQ09NMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEwNjEzMTkwNjA1WhcNNDEwNjEzMTkwNjA1WjA+MRwwGgYDVQQKDBMxLlFVSUVURk9VTlRBSU4uQ09NMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDGSq+Nim03HfChgq4uLuYh9JRZcGZQO08iUNGJRzFkBKehS1sZwbXlACSYC32SbqyHBiRXE4VlLmMuKwNzp0/HgLojgA+Cfx6/Ta+eiGq0M7qX2y2rKoZOGtrWo23uYqx02Xs/UKBzZ8EHZFc9rqDsU7muvCDcuniTH6r3Nc6aJyJs9ksa66BkSsEu3KnmTTvvu8Vfl5Wu8ZQwwaEEpLNDagNrN3dICD6zr+ysm4nr6cJlU+884ayUGdgyQRQXI28z173b14M1JhUbFeLsLpTOYIXAn0eQa5uaSrIi7YF5FUH6fczwt7PACzyPy5c7W8ayYgosKZCWKdo456ingv2kNbDh8lX5qmaK8163b3nqnk6VkO11FtwGwQQzzkMDUEkIDOxqisjqDtgNzRWx3XC/F1zojZjVKCQ6sRM2G26fY+qRHxxhPzeWrh6TD3HJLvVDBpMFAONrLSJeXXmaj+zkob4uBv7X8TYdVO8xPKVC1p+t9OqhFoE5r9pXD5SaWGUCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBRdbkmF2QnMBkVl/2zHw1FyAEtvmzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUXW5JhdkJzAZFZf9sx8NRcgBLb5swRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNhLjEucXVpZXRmb3VudGFpbi5jb20vY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAq86t5DfFgXEKWTyOH0TgGIW2fVNVoeThc7emUx3P0wxkFK05grDlAW+sTbNe8aw4h8BowixIfDQ8hfwZVn7LIXqbOohNs0AMPaRc5XYOqU/ciG11YiI6jgEMhtC5fBlT3Ni4U7JQlikI7xcLlpWleSQTp+KX2sEFnASxHWkzlX0iWOwIZAr9CHpo06HH1yukfvosIsfRpdbpXPRcLaZ1pUlCUlviDEsI+HIkU/5N8Jja13BSguT5daCMywtFTwtzWgWSKtMC2AoH2y7+Dufu3/YDpR0WhdzJSS0ZztJULUJw6DGKO03EtuIvGVwoOqDSo10GYPxwF4HQHXQBNzed9tRKkpbBCNNx1L6hHbH+OutGNGDc9Dl9PWRHu3OP0ME5NdAq0rW6+Ibao+Dv5R3jxV8R0ky+08jyqMSVzzYYGz10y5DWFkyQfFO2daX6DBlWPRIf7hZJv4NW9Dd3KQZKIduZMGScvBKy1QaPu1WJVftNU5J6F67xiTUBxFXfM+hm > >> Subject: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM > <http://1.QUIETFOUNTAIN.COM> > >> Issuer: CN=Certificate Authority,O=1.QUIETFOUNTAIN.COM > <http://1.QUIETFOUNTAIN.COM> > >> Not Before: Sun Jun 13 19:06:05 2021 UTC > >> Not After: Thu Jun 13 19:06:05 2041 UTC > >> Serial number: 1 > >> Serial number (hex): 0x1 > >> Revoked: False > >> [root@registry1 ~]# systemctl is-system-running > >> running > >> [root@registry1 ~]# > >> > >> > >> notice /var/log/pki/pki-tomcat/ca/debug.2021-08-18.log > >> > >> ends with: > >> > >> > >> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] INFO: > >> DBVirtualList: dn: cn=2000,ou=certificateRepository,ou=ca,o=ipaca > >> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] SEVERE: > >> Operation Error - class netscape.ldap.LDAPException cannot be > cast to > >> class netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and > >> netscape.ldap.LDAPEntry are in unnamed module of loader > >> java.net.URLClassLoader @5fcfe4b2) > >> java.lang.ClassCastException: class netscape.ldap.LDAPException > cannot > >> be cast to class netscape.ldap.LDAPEntry > (netscape.ldap.LDAPException > >> and netscape.ldap.LDAPEntry are in unnamed module of loader > >> java.net.URLClassLoader @5fcfe4b2) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602) > >> at > >> > > com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754) > >> at > >> > > com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110) > >> at > >> > org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474) > >> at > >> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > >> Method) > >> at > >> > > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > >> at > >> > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > >> at > java.base/java.lang.reflect.Method.invoke(Method.java:566) > >> at > >> > > org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) > >> at > >> > > org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) > >> at > >> > > org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) > >> at > >> > > org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) > >> at > >> > > org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) > >> at > >> > > org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) > >> at > >> > > org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) > >> at > >> > > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) > >> at > >> > > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) > >> at > javax.servlet.http.HttpServlet.service(HttpServlet.java:733) > >> at > jdk.internal.reflect.GeneratedMethodAccessor55.invoke(Unknown > >> Source) > >> at > >> > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > >> at > java.base/java.lang.reflect.Method.invoke(Method.java:566) > >> at > >> > > org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) > >> at > >> > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311) > >> at > >> > > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) > >> at > >> > org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) > >> at > jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown > >> Source) > >> at > >> > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > >> at > java.base/java.lang.reflect.Method.invoke(Method.java:566) > >> at > >> > > org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) > >> at > >> > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311) > >> at > >> > > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:187) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) > >> at > >> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) > >> at > >> > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) > >> at > >> > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) > >> at > >> > > com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82) > >> at > >> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) > >> at > >> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) > >> at > >> > > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) > >> at > >> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) > >> at > >> > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) > >> at > org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433) > >> at > >> > > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) > >> at > >> > > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) > >> at > >> org.apache.tomcat.util.net > > <http://org.apache.tomcat.util.net>.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707) > >> at > >> org.apache.tomcat.util.net > > <http://org.apache.tomcat.util.net>.SocketProcessorBase.run(SocketProcessorBase.java:49) > >> at > >> > > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) > >> at > >> > > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > >> at > >> > > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > >> at java.base/java.lang.Thread.run(Thread.java:829) > >> > >> 2021-08-18 16:42:16 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] > SEVERE: Unable > >> to search for certificates: java.lang.ClassCastException: class > >> netscape.ldap.LDAPException cannot be cast to class > >> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and > >> netscape.ldap.LDAPEntry are in unnamed module of loader > >> java.net.URLClassLoader @5fcfe4b2) > >> java.lang.RuntimeException: java.lang.ClassCastException: class > >> netscape.ldap.LDAPException cannot be cast to class > >> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and > >> netscape.ldap.LDAPEntry are in unnamed module of loader > >> java.net.URLClassLoader @5fcfe4b2) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:523) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602) > >> at > >> > > com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754) > >> at > >> > > com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110) > >> at > >> > org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474) > >> at > >> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > >> Method) > >> at > >> > > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > >> at > >> > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > >> at > java.base/java.lang.reflect.Method.invoke(Method.java:566) > >> at > >> > > org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) > >> at > >> > > org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) > >> at > >> > > org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) > >> at > >> > > org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) > >> at > >> > > org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) > >> at > >> > > org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) > >> at > >> > > org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) > >> at > >> > > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) > >> at > >> > > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) > >> at > javax.servlet.http.HttpServlet.service(HttpServlet.java:733) > >> at > jdk.internal.reflect.GeneratedMethodAccessor55.invoke(Unknown > >> Source) > >> at > >> > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > >> at > java.base/java.lang.reflect.Method.invoke(Method.java:566) > >> at > >> > > org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) > >> at > >> > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311) > >> at > >> > > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:221) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) > >> at > >> > org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) > >> at > jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown > >> Source) > >> at > >> > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > >> at > java.base/java.lang.reflect.Method.invoke(Method.java:566) > >> at > >> > > org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) > >> at > >> > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311) > >> at > >> > > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:187) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146) > >> at > java.base/java.security.AccessController.doPrivileged(Native > >> Method) > >> at > >> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) > >> at > >> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) > >> at > >> > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) > >> at > >> > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) > >> at > >> > > com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82) > >> at > >> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) > >> at > >> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) > >> at > >> > > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) > >> at > >> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) > >> at > >> > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) > >> at > org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433) > >> at > >> > > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) > >> at > >> > > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) > >> at > >> org.apache.tomcat.util.net > > <http://org.apache.tomcat.util.net>.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707) > >> at > >> org.apache.tomcat.util.net > > <http://org.apache.tomcat.util.net>.SocketProcessorBase.run(SocketProcessorBase.java:49) > >> at > >> > > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) > >> at > >> > > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > >> at > >> > > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > >> at java.base/java.lang.Thread.run(Thread.java:829) > >> Caused by: java.lang.ClassCastException: class > >> netscape.ldap.LDAPException cannot be cast to class > >> netscape.ldap.LDAPEntry (netscape.ldap.LDAPException and > >> netscape.ldap.LDAPEntry are in unnamed module of loader > >> java.net.URLClassLoader @5fcfe4b2) > >> at > >> > com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477) > >> ... 62 more > >> > >> > >> > >> _______________________________________________ > >> FreeIPA-users mailing list -- > [email protected] > <mailto:[email protected]> > >> To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > >> Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> > >> List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > <https://fedoraproject.org/wiki/Mailing_list_guidelines> > >> List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > <https://lists.fedorahosted.org/archives/list/[email protected]> > >> Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > <https://pagure.io/fedora-infrastructure> > >> > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > <mailto:[email protected]> > To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > <https://fedoraproject.org/wiki/Mailing_list_guidelines> > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > <https://lists.fedorahosted.org/archives/list/[email protected]> > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > <https://pagure.io/fedora-infrastructure> >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
