On 02/20/2013 08:43 AM, Bret Wortman wrote:
> [root@oldmaster]# pkicontrol start ca PKI-IPA
PKI-IPA is an invalid 'pki-ca' instance

Is there another, preferred way to start it?

pkiconsole is used to monitor/configure your instance, it's a GUI application. Perhaps it can also be used to start/stop instances but I've never seen it used that way and we don't use pkiconsole at all.

Normally the pki-ca instance is controlled using the same service commands for any other daemon. Some of this has been in flux so the details may depend on your exact OS. If you don't provide a specific instance to start/stop then the service command will apply the action to all your instances, usaully this is fine as usaully you only have one instance.

As for debugging what is going on. pki-ca is a tomcat instance. You need to locate it's log files under /var/log depending on the release it can be named slightly differently but it should be obvious. You need to understand how a tomcat instance starts, again this depends on the release. Early start up messages will be written to catalina.out, those are tomcat specific messages, if you have problems opening sockets (for instance bad certs) it should show up in this file. Once tomcat hands control over to the application (i.e. pki-ca) you will see messages in the "debug" file located under the /var/log/pki-ca (or whatever, depends on the release) directory. As I said it should be easy to find. Look in that file for obvious problems.


I forget the exact version you're running on which OS. If the above is not specific enough we can get the dogtag folks to jump in.

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to