Problems with the GridShib-CA can be tricky to diagnosis because they could be Apache, Shibboleth or GridShib-CA problems. The first step is to figure out with which of these components the problem lies. Checking the following logs is a good way to do that:

  1. Check your system logs (e.g. /var/log/messages) for messages. The GridShib-CA scripts will log errors here.

  2. Check your apache ssl_error_logs (e.g. /var/log/http/ssl_error_logs) for messages. Errors encountered by Apache will be logged here.

  3. Check your Shibboleth logs. Check log4j.appender.shibd_log.fileName in /etc/shibboleth/shid.logger for the location of this log.

NOTE: You can also enable debugging for the GridShibCA by setting "debug = true" in gridshib-ca.conf.