Fujisan via FreeIPA-users wrote: > I ran 'ipactl status' > ------------------------- > # ipactl status > Directory Service: RUNNING > krb5kdc Service: RUNNING > kadmin Service: RUNNING > named Service: RUNNING > httpd Service: RUNNING > ipa-custodia Service: RUNNING > pki-tomcatd Service: STOPPED > ipa-otpd Service: RUNNING > ipa-dnskeysyncd Service: RUNNING > ipa: INFO: The ipactl command was successful> ------------------------- >
The CA is an application run within tomcat so it is perfectly possible for tomcat to be running and the CA to not be running. That seems to be the case when you manually start the service. ipactl check that the CA is actually up and kills everything if it is not. As suggested by the original logging, find the CA debug log in /var/lib/pki/pki-tomcat/ca/debug* I'd also make sure nothing is expired: # getcert list | grep expires rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
