Hello,
I am an engineer from India and I have been struggling with this for the
past 2 weeks. Request you to help me out.
*USE-CASE:*
Dogtag is the private CA for multiple services in a cluster. Trust is
established by providing the root certificate of dogtag to all the
services. What happens if dogtag crashes? All the services will have to be
given the root certificate of the new dogtag.
How can we avoid this?
Can we bring up multiple instances dogtag with a static certificate every
time?
The only way I could find is by using the *external CA* option.
I am following the 2-step pkispawn process with 2 config files
(deployment-1.cfg and deployment-2.cfg)
In the first step the csr is generated. I take the csr and get a
certificate from the external CA and place it in the required location. The
root certificate of the CA has also been placed in the required location.
Step 2 of pkispawn goes through and the ca_admin cert is generated and
signed.
However, when I make a REST call to list the certificates, I get 2
different errors:
(Please note that I replicated the same steps with same files on 2 setups
and got 2 errors)
curl -k --request GET https://localhost:9443/ca/rest/certs
*ERROR 1*
<?xml version="1.0" encoding="UTF-8"
standalone="yes"?><PKIException><ClassName>com.netscape.certsrv.base.PKIException</ClassName><Code>500</Code><Message>Error
listing certs in
CertsResourceService.listCerts!</Message><Attributes/></PKIException
*ERROR 2*
With the same steps I also get a NullPointerException (attached
logs: null-pointer-error.txt).
When I see the status of my pki-instance after pkispawn step 2, it says
the instance is loaded and needs to be configured (attached logs:
post-pkispawn-2.txt).
However, it starts using systemctl without any errors.
I suspect I am missing some part in the configuration.
Any help/pointers would be very helpful!
Thanks
Kritee
*Attached files:*
deployment-1.txt - config file for pkispawn step 1
deployment-2.txt - config file for pkispawn step 2
pkispawn-1-log.txt - logs for pkispawn step 1
pkispan-2-log.txt - logs for pkispawn step 2
dogtag-cert.txt - root certificate of dogtag generated by external CA
ca-admin-cert.txt - admin cert signed by dogtag
null-pointer-error.txt - null pointer exception while making a REST call to
list certs
post-pkispawn-2.txt - status of pki-instance after pkispawn step 2
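Whichever CA issued the signing certificate, the two things the services end up relying on are the root certificate that was distributed to them and the key that the signing certificate binds, so those are what is worth verifying before pkispawn step 2 is run. The script below is an added example for this thread, not code from the original post or from Dogtag: it checks that the certificate the external CA returned carries the public key from the step-1 CSR, that it validates against the root certificate that was placed for trust, and that it is marked as a CA certificate (a signing certificate issued without basicConstraints CA:TRUE cannot act as an issuer). The file names root.pem, ca_signing.csr and ca_signing.pem are constructed placeholders for wherever a deployment keeps these artefacts, and make_fixtures builds a constructed external root and CSR purely so the check can be exercised offline.

```shell
#!/bin/sh
# Pre-flight checks for the certificate an external CA returns for the
# pkispawn step-1 CSR, run before pkispawn step 2.
# Added example for this thread; not part of the original post or of Dogtag.
# File names (root.pem, ca_signing.csr, ca_signing.pem) are constructed
# placeholders for wherever your deployment keeps these artefacts.
set -eu

# check_issued_cert ROOT_PEM ISSUED_PEM CSR_PEM
# Succeeds only if the issued certificate carries the CSR's public key,
# validates against ROOT_PEM and is marked as a CA; otherwise names the
# failing check on stderr and returns 1.
check_issued_cert() {
  root=$1; cert=$2; csr=$3

  # 1. Same key pair: the cert must contain the public key from the CSR.
  csr_pub=$(openssl req -in "$csr" -pubkey -noout)
  cert_pub=$(openssl x509 -in "$cert" -pubkey -noout)
  if [ "$csr_pub" != "$cert_pub" ]; then
    echo "FAIL: public key in $cert does not match $csr" >&2; return 1
  fi

  # 2. Chain: it must validate against the root the services will trust.
  if ! openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not chain to $root" >&2; return 1
  fi

  # 3. CA flag: a signing certificate without CA:TRUE cannot issue certs.
  if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
    echo "FAIL: $cert lacks basicConstraints CA:TRUE" >&2; return 1
  fi
  echo "OK: $cert matches $csr, chains to $root and is a CA certificate"
}

# make_fixtures DIR MODE -- constructed stand-ins for the real artefacts:
# an "external" root CA, the step-1 key and CSR, and the certificate the
# external CA hands back. MODE=ca signs it as a subordinate CA (correct);
# MODE=leaf signs it as an ordinary server certificate (the mistake to catch).
make_fixtures() {
  dir=$1; mode=$2
  mkdir -p "$dir"
  cat > "$dir/openssl.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_subca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
  # Constructed external root CA.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/root.key" 2>/dev/null
  openssl req -new -x509 -config "$dir/openssl.cnf" -extensions v3_root \
    -key "$dir/root.key" -subj "/CN=Constructed External Root CA" -days 365 -out "$dir/root.pem"
  # Stand-in for pkispawn step 1: the CA signing key and its CSR.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/ca_signing.key" 2>/dev/null
  openssl req -new -config "$dir/openssl.cnf" -key "$dir/ca_signing.key" \
    -subj "/CN=CA Signing Certificate/O=EXAMPLE" -out "$dir/ca_signing.csr"
  # What the external CA returns, signed as a sub-CA or (wrongly) as a leaf.
  case $mode in ca) ext=v3_subca ;; *) ext=v3_leaf ;; esac
  openssl x509 -req -in "$dir/ca_signing.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -days 365 -extfile "$dir/openssl.cnf" -extensions "$ext" \
    -out "$dir/ca_signing.pem" 2>/dev/null
}

# Demo on constructed fixtures: a correctly issued sub-CA certificate passes,
# one the external CA signed as an ordinary server certificate is caught.
work=$(mktemp -d)
make_fixtures "$work/good" ca
check_issued_cert "$work/good/root.pem" "$work/good/ca_signing.pem" "$work/good/ca_signing.csr"
make_fixtures "$work/bad" leaf
check_issued_cert "$work/bad/root.pem" "$work/bad/ca_signing.pem" "$work/bad/ca_signing.csr" || true
rm -rf "$work"
```

Against a real instance, only check_issued_cert is needed: point it at the root certificate that was placed for trust, the certificate the external CA returned, and the CSR from step 1, and run it before step 2. The check compares public keys taken from the CSR rather than from the private key, so it does not need access to the instance's key store.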