Hello. I've got a problem with spawning kra subsystem on existing Dogtag instance which was created as part of IPA installation. When i run ipa- kra-install or pkispawn -s KRA, the result is the same error in /var/lib/pki/pki-tomcat/kra/logs/debug (see bellow). The pki version is 10.4.1, the ca component works without problem. I've tried turning off SELinux, checked file permissions on the pki- tomcat componets but haven't found anything wrong. Has anyone an idea, how to debug or solve this problem? The debug level is set to 0 for KRA component and still no hint what might be the problem. Thank you for any hint. The last lines in the debug log are: 29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: getting public key for certificate transport [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: getting private key for certificate transport [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: private key ID: 76c3a8268120fe025d [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: generating generic extensions [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: createGenericExtensions: begins [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: generating PKCS #10 request [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: generateCertRequest: storing cert request [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: configCert: caType is remote [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: updateConfig() for certTag storage [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: updateConfig() done [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: configCert: remote CA [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: CertRequestPanel: got public key [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: CertRequestPanel: got private key [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: injectSAN=false [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: CertUtil: content: {xmlOutput=[true], cert_request_type=[pkcs10], profil eId=[caInternalAuthDRMstorageCert], cert_request=[MIICfjCCAWYCAQAwOTEV... [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: ConfigurationUtils: POST https://server:443/ca/ee/ca/profileSubmit [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: Server certificate: [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: - subject: CN=server,O=REALM [29/Aug/2017:13:21:54][http-bio-8443-exec-25]: - issuer: CN=Certificate Authority,O=REALM [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: CertUtil: status: 0 [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: CertUtil: cert: MMIIDdjC... [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: getting public key for certificate storage [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: getting private key for certificate storage [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: private key ID: 74c90cb1bb054bd06d9e8b6013 [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: generating generic extensions [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: ConfigurationUtils: createGenericExtensions: begins [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: generating PKCS #10 request [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: generateCertRequest: storing cert request java.lang.NullPointerException at java.util.Hashtable.put(Hashtable.java:459) at com.netscape.cmscore.base.SourceConfigStore.put(SourceConfigStore.java:57) at com.netscape.cmscore.base.PropConfigStore.put(PropConfigStore.java:157) at com.netscape.cmscore.base.PropConfigStore.putString(PropConfigStore.java:306) at org.dogtagpki.server.rest.SystemConfigService.updateConfiguration(SystemConfigService.java:593) at org.dogtagpki.server.rest.SystemConfigService.processCerts(SystemConfigService.java:359) at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:176) at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:110) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) ... [29/Aug/2017:13:21:55][http-bio-8443-exec-25]: Error in setting certificate names and key sizes: java.lang.NullPointerException -- Michal Kašpar