Bug 495597 - Unable to access Agent page using a configured CA/KRA containing an HSM
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: CA
Version: 1.1
Hardware: All
OS: Linux
Priority: urgent
Severity: medium
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
Blocks: 443788
Reported: 2009-04-13 23:35 UTC by Matthew Harmsen
Modified: 2015-01-04 23:37 UTC (History)
Last Closed: 2009-07-22 23:34:18 UTC
Attachments
Elimination of "bad MAC" Error (4.64 KB, patch)
2009-04-22 00:54 UTC, Matthew Harmsen
Elimination of "bad MAC" Error (spec files) (3.80 KB, patch)
2009-04-22 00:55 UTC, Matthew Harmsen
Make Installation Wizard use "admin" port; re-enable filters (phase 1) (64 bytes, text/plain)
2009-04-28 16:59 UTC, Matthew Harmsen
Make Installation Wizard use "admin" port; re-enable filters (phase 1 - spec files) (64 bytes, text/plain)
2009-04-28 17:03 UTC, Matthew Harmsen
Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc. (64 bytes, text/plain)
2009-05-06 02:07 UTC, Matthew Harmsen
Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc. (dogtag + spec files) (64 bytes, text/plain)
2009-05-06 02:08 UTC, Matthew Harmsen

Description Matthew Harmsen 2009-04-13 23:35:20 UTC
From Bugzilla Bug #495157:

At this point I set "setenforce 0" to put selinux in permissive mode and
finished the CA config wizard. Everything went ok except I couldn't login to the agent page.

I noticed this error:

Secure Connection Failed

An error occurred during a connection to gamma.dsdev.sjc.redhat.com:9443.

SSL peer reports incorrect Message Authentication Code.

(Error code: ssl_error_bad_mac_alert)



Additionally, from comment #2 of Bugzilla Bug #495157:

It's been reported that without SELinux turned to permissive, with HSM
attached, the Done panel's url display was incorrect, and that was the reason of
the bad_record_mac_ssl.  A workaround is to manually type in the correct url.

It needs to be investigated though why the presence of the hsm would cause the
url to be incorrectly displayed.

Comment 1 Chandrasekar Kannan 2009-04-17 00:39:37 UTC
With SELinux in permissive mode, I still cannot access the agent page.
I get ssl_error_bad_mac_alert. My URL comes up as

https://delta.dsdev.sjc.redhat.com:9443/ca/agent/ca

I see nothing wrong with the url in permissive mode.
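
An added example, not part of the original report: the alert the browser reports as ssl_error_bad_mac_alert is the 7-byte record `15 03 01 00 02 02 14` seen in the ssltap trace in comment 2. The Python below replays that trace's record headers and locates the alert in the handshake; the function names are this example's own, and the ClientKeyExchange and Finished payloads are constructed zero filler.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange",
                   20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate"}

# Record headers and the alert are the bytes printed in the ssltap trace;
# the ClientKeyExchange and Finished payloads are constructed zero filler.
CLIENT_FLIGHT = (
    bytes.fromhex("1603010106" "10000102") + bytes(258)   # client_key_exchange
    + bytes.fromhex("140301000101")                       # change_cipher_spec
    + bytes.fromhex("1603010020") + bytes(32)             # encrypted Finished
)
SERVER_REPLY = bytes.fromhex("15030100020214")            # alert record


def parse_records(data):
    """Split a byte string into (content_type, version, body) TLS records."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError("unknown content type %d" % ctype)
        body = data[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % offset)
        records.append((ctype, (major, minor), body))
        offset += 5 + length
    return records


def walk_handshake(flights):
    """Label every record in a list of (sender, bytes) flights.

    A sender's records are encrypted once it has sent ChangeCipherSpec,
    so only the records it sent before that point are decoded.
    """
    protected = set()      # senders that have switched to the negotiated keys
    events = []
    for sender, data in flights:
        for ctype, _version, body in parse_records(data):
            if sender in protected:
                label = CONTENT_TYPES[ctype] + " (encrypted)"
            elif ctype == 22:
                if not body:
                    raise ValueError("empty handshake record")
                label = HANDSHAKE_TYPES.get(body[0], "handshake type %d" % body[0])
            elif ctype == 21:
                if len(body) != 2:
                    raise ValueError("plaintext alert must be 2 bytes")
                label = "%s alert: %s" % (
                    ALERT_LEVELS.get(body[0], "level %d" % body[0]),
                    ALERT_DESCRIPTIONS.get(body[1], "code %d" % body[1]))
            else:
                label = CONTENT_TYPES[ctype]
            events.append((sender, label))
            if ctype == 20:
                protected.add(sender)
    return events


def diagnose(events):
    """Report a bad_record_mac that answers a peer's first encrypted record."""
    for i in range(2, len(events)):
        sender, label = events[i]
        peer, peer_label = events[i - 1]
        if (label == "fatal alert: bad_record_mac"
                and peer != sender
                and peer_label == "handshake (encrypted)"
                and events[i - 2] == (peer, "change_cipher_spec")):
            # The first record after ChangeCipherSpec is the Finished message.
            return ("%s could not verify the MAC on the Finished message from "
                    "%s: the two ends are not using the same session keys"
                    % (sender, peer))
    return None


if __name__ == "__main__":
    trace = walk_handshake([("client", CLIENT_FLIGHT), ("server", SERVER_REPLY)])
    for sender, label in trace:
        print("%-6s %s" % (sender, label))
    print(diagnose(trace))
```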

Comment 2 Chandrasekar Kannan 2009-04-17 06:03:12 UTC
ssltap output...

[root@delta ~]# ssltap -hfsxl delta.dsdev.sjc.redhat.com:9443
<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>
<BODY><PRE>
Looking up "delta.dsdev.sjc.redhat.com"...
Proxy socket ready and listening
<p><HR><H2>Connection #1 [Thu Apr 16 16:02:31 2009]
</H2>Connected to delta.dsdev.sjc.redhat.com:9443
--> [
<font color=blue>
(175 bytes of 170)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 01 00  aa                                     | .....
   type    = 22 (handshake)
   version = { 3,1 }
   length  = 170 (0xaa)
   handshake {
   0: 01 00 00 a6                                         | ....
      type = 1 (client_hello)
      length = 166 (0x0000a6)
         ClientHelloV3 {
            client_version = {3, 1}
            random = {...}
   0: 49 e8 1b 14  24 bc 77 a7  2c 1f 23 b9  60 77 8c a5  | I...$.w.,.#.`w..
  10: 0b 2d 3e f1  5b e4 01 27  47 18 a8 ae  cf 9f 05 da  | .-&gt;.[..'G.......
            session ID = {
                length = 0
                contents = {...}
            }
            cipher_suites[12] = { 
                (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
                (0x0038) TLS/DHE-DSS/AES256-CBC/SHA
                (0x0035) TLS/RSA/AES256-CBC/SHA
                (0x0033) TLS/DHE-RSA/AES128-CBC/SHA
                (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
                (0x0004) SSL3/RSA/RC4-128/MD5
                (0x0005) SSL3/RSA/RC4-128/SHA
                (0x002f) TLS/RSA/AES128-CBC/SHA
                (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
                (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
            }
            compression[1] = { 00 }
            extensions[101] = {
              extension type server_name, length [31] = {
   0: 00 1d 00 00  1a 64 65 6c  74 61 2e 64  73 64 65 76  | .....delta.dsdev
  10: 2e 73 6a 63  2e 72 65 64  68 61 74 2e  63 6f 6d     | .sjc.redhat.com
              }
              extension type elliptic_curves, length [52] = {
   0: 00 32 00 01  00 02 00 03  00 04 00 05  00 06 00 07  | .2..............
  10: 00 08 00 09  00 0a 00 0b  00 0c 00 0d  00 0e 00 0f  | ................
  20: 00 10 00 11  00 12 00 13  00 14 00 15  00 16 00 17  | ................
  30: 00 18 00 19                                         | ....
              }
              extension type ec_point_formats, length [2] = {
   0: 01 00                                               | ..
              }
              extension type session_ticket, length [0]
            }
         }
   }
}
</font>]
<-- [
<font color=red>
(1986 bytes of 1981)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 01 07  bd                                     | .....
   type    = 22 (handshake)
   version = { 3,1 }
   length  = 1981 (0x7bd)
   handshake {
   0: 02 00 00 46                                         | ...F
      type = 2 (server_hello)
      length = 70 (0x000046)
         ServerHello {
            server_version = {3, 1}
            random = {...}
   0: 49 e7 b9 07  3d 96 23 75  66 37 4f ee  ad aa 6f 0d  | I...=.#uf7O...o.
  10: 83 bc d3 aa  98 f1 41 ea  ed 9e 5b 87  29 18 d9 94  | ......A...[.)...
            session ID = {
                length = 32
                contents = {...}
   0: 2f 64 49 eb  f7 2b 88 8b  82 46 56 5f  88 45 8b 91  | /dI..+...FV_.E..
  10: 36 28 60 86  27 b6 d2 63  4e 90 ba d6  9c d4 a2 01  | 6(`.'..cN.......
            }
            cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5
            compression method = 00
         }
   0: 0b 00 07 6b                                         | ...k
      type = 11 (certificate)
      length = 1899 (0x00076b)
         CertificateChain {
            chainlength = 1896 (0x0768)
            Certificate {
               size = 934 (0x03a6)
               data = { saved in file 'cert.001' }
            }
            Certificate {
               size = 956 (0x03bc)
               data = { saved in file 'cert.002' }
            }
         }
   0: 0e 00 00 00                                         | ....
      type = 14 (server_hello_done)
      length = 0 (0x000000)
   }
}
</font>]
--> [
<font color=blue>
(310 bytes of 262, with 43 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 01 01  06                                     | .....
   type    = 22 (handshake)
   version = { 3,1 }
   length  = 262 (0x106)
   handshake {
   0: 10 00 01 02                                         | ....
      type = 16 (client_key_exchange)
      length = 258 (0x000102)
         ClientKeyExchange {
            message = {...}
         }
   }
}
(310 bytes of 1, with 37 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 14 03 01 00  01                                     | .....
   type    = 20 (change_cipher_spec)
   version = { 3,1 }
   length  = 1 (0x1)
   0: 01                                                  | .
}
(310 bytes of 32)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 01 00  20                                     | .... 
   type    = 22 (handshake)
   version = { 3,1 }
   length  = 32 (0x20)
            < encrypted >
}
</font>]
<-- [
<font color=red>   0: 15 03 01 00  02 02 14                               | .......
(7 bytes of 2)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 15 03 01 00  02                                     | .....
   type    = 21 (alert)
   version = { 3,1 }
   length  = 2 (0x2)
   fatal: bad_record_mac
   0: 02 14                                               | ..
}
</font>]
Read EOF on Server socket. [Thu Apr 16 16:02:31 2009]
Read EOF on Client socket. [Thu Apr 16 16:02:31 2009]
Connection 1 Complete [Thu Apr 16 16:02:31 2009]
<p><HR><H2>Connection #2 [Thu Apr 16 16:02:31 2009]
</H2>Connected to delta.dsdev.sjc.redhat.com:9443
--> [
<font color=blue>   0: 80 3d 01 03  00 00 24 00  00 00 10 00  00 39 00 00  | .=....$......9..
  10: 38 00 00 35  00 00 33 00  00 32 00 00  04 00 00 05  | 8..5..3..2......
  20: 00 00 2f 00  00 16 00 00  13 00 fe ff  00 00 0a 53  | ../............S
  30: 9c 0a 2e bd  1f 65 22 70  00 6a a0 6f  7f 12 e9     | .....e"p.j.o..
alloclen = 63 bytes
(63 bytes of 63)
 [Thu Apr 16 16:02:31 2009] [ssl2]  ClientHelloV2 {
           version = {0x03, 0x00}
           cipher-specs-length = 36 (0x24)
           sid-length = 0 (0x00)
           challenge-length = 16 (0x10)
           cipher-suites = { 
                (0x000039) TLS/DHE-RSA/AES256-CBC/SHA
                (0x000038) TLS/DHE-DSS/AES256-CBC/SHA
                (0x000035) TLS/RSA/AES256-CBC/SHA
                (0x000033) TLS/DHE-RSA/AES128-CBC/SHA
                (0x000032) TLS/DHE-DSS/AES128-CBC/SHA
                (0x000004) SSL3/RSA/RC4-128/MD5
                (0x000005) SSL3/RSA/RC4-128/SHA
                (0x00002f) TLS/RSA/AES128-CBC/SHA
                (0x000016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
                (0x000013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0x00feff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
                (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
                }
           session-id = { }
           challenge = { 0x539c 0x0a2e 0xbd1f 0x6522 0x7000 0x6aa0 0x6f7f 0x12e9 }
}
</font>]
<-- [
<font color=red>
(1986 bytes of 1981)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 00 07  bd                                     | .....
   type    = 22 (handshake)
   version = { 3,0 }
   length  = 1981 (0x7bd)
   handshake {
   0: 02 00 00 46                                         | ...F
      type = 2 (server_hello)
      length = 70 (0x000046)
         ServerHello {
            server_version = {3, 0}
            random = {...}
   0: 49 e7 b9 07  29 aa bc 0e  3f fb dd 21  c3 f2 f7 d2  | I...)...?..!....
  10: 81 e0 76 36  da 4e e9 60  fe df c7 f5  57 12 41 cd  | ..v6.N.`....W.A.
            session ID = {
                length = 32
                contents = {...}
   0: 2f 64 8b f7  8d c8 47 75  3c 43 fb 29  04 32 8c 3f  | /d....Gu<C.).2.?
  10: 06 b9 d1 7d  24 92 24 cf  e8 42 03 84  2d 90 99 fd  | ...}$.$..B..-...
            }
            cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5
            compression method = 00
         }
   0: 0b 00 07 6b                                         | ...k
      type = 11 (certificate)
      length = 1899 (0x00076b)
         CertificateChain {
            chainlength = 1896 (0x0768)
            Certificate {
               size = 934 (0x03a6)
               data = { saved in file 'cert.003' }
            }
            Certificate {
               size = 956 (0x03bc)
               data = { saved in file 'cert.004' }
            }
         }
   0: 0e 00 00 00                                         | ....
      type = 14 (server_hello_done)
      length = 0 (0x000000)
   }
}
</font>]
--> [
<font color=blue>
(332 bytes of 260, with 67 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 00 01  04                                     | .....
   type    = 22 (handshake)
   version = { 3,0 }
   length  = 260 (0x104)
   handshake {
   0: 10 00 01 00                                         | ....
      type = 16 (client_key_exchange)
      length = 256 (0x000100)
         ClientKeyExchange {
            message = {...}
         }
   }
}
(332 bytes of 1, with 61 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 14 03 00 00  01                                     | .....
   type    = 20 (change_cipher_spec)
   version = { 3,0 }
   length  = 1 (0x1)
   0: 01                                                  | .
}
(332 bytes of 56)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 16 03 00 00  38                                     | ....8
   type    = 22 (handshake)
   version = { 3,0 }
   length  = 56 (0x38)
            < encrypted >
}
</font>]
<-- [
<font color=red>   0: 15 03 00 00  02 02 14                               | .......
(7 bytes of 2)
SSLRecord { [Thu Apr 16 16:02:31 2009]
   0: 15 03 00 00  02                                     | .....
   type    = 21 (alert)
   version = { 3,0 }
   length  = 2 (0x2)
   fatal: bad_record_mac
   0: 02 14                                               | ..
}
</font>]
Read EOF on Server socket. [Thu Apr 16 16:02:31 2009]
Read EOF on Client socket. [Thu Apr 16 16:02:31 2009]
Connection 2 Complete [Thu Apr 16 16:02:31 2009]
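
The record framing that the ssltap trace above decodes can be reproduced with a short parser. This is an added example, not part of the original comment or of ssltap: the function names are hypothetical, and the sample flights are constructed from the record and message headers shown in the trace, with filler bytes in place of the real bodies. It also shows why the server's alert is readable: the server had not yet sent its own change_cipher_spec, so its records were still plaintext.

```python
import struct

# Content, handshake and alert codes from the SSL 3.0 specification (RFC 6101).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}


def parse_records(stream):
    """Split one direction of a connection into (type, version, body) records."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError(f"record at offset {offset} is shorter than {length}")
        records.append((ctype, (major, minor), body))
        offset += 5 + length
    return records


def handshake_messages(body):
    """Names of the handshake messages packed into one plaintext record."""
    names, pos = [], 0
    while pos + 4 <= len(body):
        length = int.from_bytes(body[pos + 1:pos + 4], "big")
        names.append(HANDSHAKE_TYPES.get(body[pos], f"unknown({body[pos]})"))
        pos += 4 + length
    return names


def describe(stream):
    """Summarise each record; bodies after change_cipher_spec are opaque."""
    lines, encrypted = [], False
    for ctype, _version, body in parse_records(stream):
        name = CONTENT_TYPES.get(ctype, f"unknown({ctype})")
        if encrypted:
            lines.append(f"{name} <encrypted>")
        elif ctype == 22:
            lines.append("handshake: " + ", ".join(handshake_messages(body)))
        elif ctype == 21 and len(body) == 2:
            level = ALERT_LEVELS.get(body[0], f"level({body[0]})")
            desc = ALERT_DESCRIPTIONS.get(body[1], f"alert({body[1]})")
            lines.append(f"alert: {level} {desc}")
        else:
            lines.append(name)
        if ctype == 20:
            encrypted = True  # this sender's later records use the new cipher
    return lines


# Constructed sample: headers and lengths as in the trace, bodies are filler.
SERVER_FLIGHT = (bytes.fromhex("16030007bd02000046") + bytes(70)  # server_hello
                 + bytes.fromhex("0b00076b") + bytes(1899)        # certificate
                 + bytes.fromhex("0e000000"))                     # server_hello_done
CLIENT_FLIGHT = (bytes.fromhex("160300010410000100") + bytes(256)  # client_key_exchange
                 + bytes.fromhex("140300000101")                   # change_cipher_spec
                 + bytes.fromhex("1603000038") + b"\xaa" * 56)     # encrypted Finished
SERVER_ALERT = bytes.fromhex("15030000020214")  # the alert record from the trace

if __name__ == "__main__":
    for flight in (SERVER_FLIGHT, CLIENT_FLIGHT, SERVER_ALERT):
        print(describe(flight))
```
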

Comment 3 Christina Fu 2009-04-20 16:48:35 UTC
I tried this and confirmed what you saw, Chandra.

The port on the Done page now appears to be okay, but clicking on it gets a MAC error.
And guess what? I took Ade's wild suggestion and used the ee port instead, and it works.
Am I allowed to say that this is freakily screwy?

Comment 4 Matthew Harmsen 2009-04-20 22:56:34 UTC
In debugging this issue, I encountered the following:

* the name of the instance and ALL of the ports must be unique values
* the name of the Security Domain MUST be changed away from the default value
* the name of the Subsystem Type MUST be changed to be a unique string

The error encountered is that on the Import CA's Certificate Chain panel, the Trust Dialog will not pop up, resulting in an inability to complete the configuration.

Comment 5 Matthew Harmsen 2009-04-22 00:37:59 UTC
Jack and I were able to get rid of the "bad MAC" error by replacing 'clientAuth="agent"' with 'clientAuth="true"' in the "Agent" Connector section of the /var/lib/<instance>/conf/server.xml file.

However, there are still existing port issues, and also, we are now experiencing the following error instead of the "bad MAC" issue:

     gamma.dsdev.sjc.redhat.com has received an incorrect or unexpected message.
     Error Code:  -12227

Comment 6 Matthew Harmsen 2009-04-22 00:54:29 UTC
Created attachment 340654 [details]
Elimination of "bad MAC" Error

Comment 7 Matthew Harmsen 2009-04-22 00:55:08 UTC
Created attachment 340655 [details]
Elimination of "bad MAC" Error (spec files)

Comment 8 Jack Magne 2009-04-22 00:59:13 UTC
Attachments (id=340654) (id=340655) +jmagne .

Comment 9 Matthew Harmsen 2009-04-22 01:05:50 UTC
cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      ca/shared/conf/server.xml
M      tks/shared/conf/server.xml
M      ocsp/shared/conf/server.xml
M      kra/shared/conf/server.xml

% svn commit
Sending        base/ca/shared/conf/server.xml
Sending        base/kra/shared/conf/server.xml
Sending        base/ocsp/shared/conf/server.xml
Sending        base/tks/shared/conf/server.xml
Transmitting file data ....
Committed revision 409.


cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      ca/pki-ca.spec
M      tks/pki-tks.spec
M      ocsp/pki-ocsp.spec
M      kra/pki-kra.spec

% svn commit
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/tks/pki-tks.spec
Transmitting file data ....
Committed revision 410.

Comment 10 Matthew Harmsen 2009-04-28 16:59:49 UTC
Created attachment 341613 [details]
Make Installation Wizard use "admin" port; re-enable filters (phase 1)

Comment 11 Matthew Harmsen 2009-04-28 17:03:39 UTC
Created attachment 341614 [details]
Make Installation Wizard use "admin" port; re-enable filters (phase 1 - spec files)

Comment 13 Matthew Harmsen 2009-04-28 17:06:29 UTC
Patch URLs were copied from Bugzilla Bug #492735.

Comment 14 Matthew Harmsen 2009-05-06 02:07:15 UTC
Created attachment 342572 [details]
Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc.

Comment 15 Matthew Harmsen 2009-05-06 02:08:22 UTC
Created attachment 342573 [details]
Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc. (dogtag + spec files)

Comment 17 Jack Magne 2009-05-07 22:23:38 UTC
Attachments (id=342572) (id=342573) (id=342574) +jmagne

All this content already reviewed in the other bug that this bug refers to.

Comment 18 Matthew Harmsen 2009-05-07 22:37:51 UTC
cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      ca/shared/webapps/ca/WEB-INF/web.xml
M      ca/shared/conf/CS.cfg
M      ca/shared/conf/server.xml
M      ca/shared/conf/schema.ldif
M      ca/shared/etc/init.d/httpd
M      migrate/80/schema-add.ldif
M      migrate/80/MigrateSecurityDomain.java
M      common/src/com/netscape/cms/authentication/TokenAuthentication.java
M      common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
M      common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
M      common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
M      common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
M      common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
M      common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
M      common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
M      common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
M      silent/src/tks/ConfigureTKS.java
M      silent/src/drm/ConfigureDRM.java
M      silent/src/ra/ConfigureRA.java
M      silent/src/ca/ConfigureCA.java
M      silent/src/ocsp/ConfigureOCSP.java
M      silent/src/tps/ConfigureTPS.java
M      silent/src/subca/ConfigureSubCA.java
M      setup/pkiremove
M      setup/pkicreate
M      tks/shared/webapps/tks/WEB-INF/web.xml
M      tks/shared/conf/CS.cfg
M      tks/shared/conf/server.xml
M      tks/shared/conf/schema.ldif
M      ra/doc/CS.cfg
M      ra/forms/index.cgi
M      ra/forms/ee/user/renewal.cgi
M      ra/lib/perl/PKI/RA/DonePanel.pm
M      ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
M      ra/lib/perl/PKI/RA/AdminPanel.pm
M      ra/lib/perl/PKI/RA/DRMInfoPanel.pm
M      ra/lib/perl/PKI/RA/CAInfoPanel.pm
M      ra/lib/perl/PKI/RA/NamePanel.pm
M      ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
M      ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
M      ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
M      ra/lib/perl/PKI/RA/SizePanel.pm
M      ra/lib/perl/PKI/RA/TKSInfoPanel.pm
M      ocsp/shared/webapps/ocsp/WEB-INF/web.xml
M      ocsp/shared/conf/CS.cfg
M      ocsp/shared/conf/server.xml
M      ocsp/shared/conf/schema.ldif
M      tps/doc/CS.cfg
M      tps/lib/perl/PKI/TPS/DonePanel.pm
M      tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
M      tps/lib/perl/PKI/TPS/AdminPanel.pm
M      tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
M      tps/lib/perl/PKI/TPS/CAInfoPanel.pm
M      tps/lib/perl/PKI/TPS/NamePanel.pm
M      tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
M      tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
M      tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
M      tps/lib/perl/PKI/TPS/SizePanel.pm
M      tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
M      kra/shared/webapps/kra/WEB-INF/web.xml
M      kra/shared/conf/CS.cfg
M      kra/shared/conf/server.xml
M      kra/shared/conf/schema.ldif

% svn commit
Sending        base/ca/shared/conf/CS.cfg
Sending        base/ca/shared/conf/schema.ldif
Sending        base/ca/shared/conf/server.xml
Sending        base/ca/shared/etc/init.d/httpd
Sending        base/ca/shared/webapps/ca/WEB-INF/web.xml
Sending        base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
Sending        base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
Sending        base/kra/shared/conf/CS.cfg
Sending        base/kra/shared/conf/schema.ldif
Sending        base/kra/shared/conf/server.xml
Sending        base/kra/shared/webapps/kra/WEB-INF/web.xml
Sending        base/migrate/80/MigrateSecurityDomain.java
Sending        base/migrate/80/schema-add.ldif
Sending        base/ocsp/shared/conf/CS.cfg
Sending        base/ocsp/shared/conf/schema.ldif
Sending        base/ocsp/shared/conf/server.xml
Sending        base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
Sending        base/ra/doc/CS.cfg
Sending        base/ra/forms/ee/user/renewal.cgi
Sending        base/ra/forms/index.cgi
Sending        base/ra/lib/perl/PKI/RA/AdminPanel.pm
Sending        base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
Sending        base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
Sending        base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
Sending        base/ra/lib/perl/PKI/RA/DonePanel.pm
Sending        base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
Sending        base/ra/lib/perl/PKI/RA/NamePanel.pm
Sending        base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
Sending        base/ra/lib/perl/PKI/RA/SizePanel.pm
Sending        base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
Sending        base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
Sending        base/setup/pkicreate
Sending        base/setup/pkiremove
Sending        base/silent/src/ca/ConfigureCA.java
Sending        base/silent/src/drm/ConfigureDRM.java
Sending        base/silent/src/ocsp/ConfigureOCSP.java
Sending        base/silent/src/ra/ConfigureRA.java
Sending        base/silent/src/subca/ConfigureSubCA.java
Sending        base/silent/src/tks/ConfigureTKS.java
Sending        base/silent/src/tps/ConfigureTPS.java
Sending        base/tks/shared/conf/CS.cfg
Sending        base/tks/shared/conf/schema.ldif
Sending        base/tks/shared/conf/server.xml
Sending        base/tks/shared/webapps/tks/WEB-INF/web.xml
Sending        base/tps/doc/CS.cfg
Sending        base/tps/lib/perl/PKI/TPS/AdminPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DonePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/NamePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/SizePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
Transmitting file data .....................................................................
Committed revision 431.

Comment 19 Matthew Harmsen 2009-05-07 22:39:58 UTC
cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm
M      tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm
M      tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm
M      tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm
M      tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm
M      tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm
M      tps-ui/dogtag-pki-tps-ui.spec
M      ca/pki-ca.spec
M      migrate/pki-migrate.spec
M      common/pki-common.spec
A      ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template
A      ca-ui/shared/webapps/ca/admin/ca/sendCookie.template
D      ca-ui/shared/webapps/ca/ee/ca/sendCookie.template
D      ca-ui/shared/webapps/ca/ee/ca/securitydomainlogin.template
M      ca-ui/dogtag-pki-ca-ui.spec
M      silent/pki-silent.spec
M      setup/pki-setup.spec
M      tks/pki-tks.spec
M      ra/pki-ra.spec
M      common-ui/dogtag-pki-common-ui.spec
M      common-ui/shared/admin/console/config/importcachainpanel.vm
M      common-ui/shared/admin/console/config/createsubsystempanel.vm
M      common-ui/shared/admin/console/config/securitydomainpanel.vm
M      common-ui/shared/admin/console/config/importadmincertpanel.vm
M      ocsp/pki-ocsp.spec
M      tps/pki-tps.spec
M      kra/pki-kra.spec
M      ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm
M      ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm
M      ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm
M      ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm
M      ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm
M      ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm
M      ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm
M      ra-ui/shared/docroot/index.vm
M      ra-ui/dogtag-pki-ra-ui.spec

% svn commit
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/ca-ui/dogtag-pki-ca-ui.spec
Adding         dogtag/ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template
Adding         dogtag/ca-ui/shared/webapps/ca/admin/ca/sendCookie.template
Deleting       dogtag/ca-ui/shared/webapps/ca/ee/ca/securitydomainlogin.template
Deleting       dogtag/ca-ui/shared/webapps/ca/ee/ca/sendCookie.template
Sending        dogtag/common/pki-common.spec
Sending        dogtag/common-ui/dogtag-pki-common-ui.spec
Sending        dogtag/common-ui/shared/admin/console/config/createsubsystempanel.vm
Sending        dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm
Sending        dogtag/common-ui/shared/admin/console/config/importcachainpanel.vm
Sending        dogtag/common-ui/shared/admin/console/config/securitydomainpanel.vm
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/migrate/pki-migrate.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/ra-ui/dogtag-pki-ra-ui.spec
Sending        dogtag/ra-ui/shared/docroot/index.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm
Sending        dogtag/setup/pki-setup.spec
Sending        dogtag/silent/pki-silent.spec
Sending        dogtag/tks/pki-tks.spec
Sending        dogtag/tps/pki-tps.spec
Sending        dogtag/tps-ui/dogtag-pki-tps-ui.spec
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm
Transmitting file data ..................................
Committed revision 432.

Comment 21 Chandrasekar Kannan 2009-06-05 15:10:33 UTC
Verified with build 06/04/2009.

- installed/configured all subsystems ca,tks,tps,ra,ocsp,kra on nethsm2k
  with browser firefox 3 (latest on rhel 5.3 x86_64).
- all agent certs are imported onto the browser.  
- this of course can happen only after the proper ca chain is imported.
- and access to agent pages is fine.

