diff --git a/.github/workflows/ca-container-basic-test.yml b/.github/workflows/ca-container-basic-test.yml
index 6c577fd4539..b1b3153f1fd 100644
--- a/.github/workflows/ca-container-basic-test.yml
+++ b/.github/workflows/ca-container-basic-test.yml
@@ -313,8 +313,11 @@ jobs:
         run: |
           docker restart ca
 
+          sleep 10
+
           # wait for CA to restart
           docker exec client curl \
+              -v \
               --retry 180 \
               --retry-delay 0 \
               --retry-connrefused \
diff --git a/base/ca/bin/pki-ca-run b/base/ca/bin/pki-ca-run
index 280e1f6a61c..30a2324b83f 100755
--- a/base/ca/bin/pki-ca-run
+++ b/base/ca/bin/pki-ca-run
@@ -361,15 +361,20 @@ rm /tmp/sslserver.crt
 echo "################################################################################"
 echo "INFO: Starting CA server"
 
+trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM
+
 if [ "$UID" = "0" ]; then
     # In Docker the server runs as root user but it will switch
     # into pkiuser (UID=17) that belongs to the root group (GID=0).
-    pki-server run
-
+    pki-server run &
+    PID=$!
+    wait $PID
 else
     # In OpenShift/Podman the server runs as a non-root user
     # (with a random UID) that belongs to the root group (GID=0).
     #
     # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
-    pki-server run --as-current-user
+    pki-server run --as-current-user &
+    PID=$!
+    wait $PID
 fi