From Bugzilla Bug #495157: At this point I set "setenforce 0" to put selinux in permissive mode and finished the CA config wizard. Everything went ok except I couldn't login to the agent page. I noticed this error: Secure Connection Failed An error occurred during a connection to gamma.dsdev.sjc.redhat.com:9443. SSL peer reports incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_alert) Additionally, from comment #2 of Bugzilla Bug #495157: It's been reported that without SELinux turned to permissive, with HSM attached, the Done panel's url disply was incorrect, and that was the reason of the bad_record_mac_ssl. A workaround is to manually type in the correct url. It needs to be investigated though why the presence of the hsm would cause the url to be incorrectly displayed.
with selinux in permissive mode, I still cannot access the agent page. get ssl_error_bad_mac_alert. my url comes up as https://delta.dsdev.sjc.redhat.com:9443/ca/agent/ca I see nothing wrong with the url in permissive mode.
ssltap output... [root@delta ~]# ssltap -hfsxl delta.dsdev.sjc.redhat.com:9443 <HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD> <BODY><PRE> Looking up "delta.dsdev.sjc.redhat.com"... Proxy socket ready and listening <p><HR><H2>Connection #1 [Thu Apr 16 16:02:31 2009] </H2>Connected to delta.dsdev.sjc.redhat.com:9443 --> [ <font color=blue> 0: 16 03 01 00 aa 01 00 00 a6 03 01 49 e8 1b 14 24 | ...........I...$ 10: bc 77 a7 2c 1f 23 b9 60 77 8c a5 0b 2d 3e f1 5b | .w.,.#.`w...->.[ 20: e4 01 27 47 18 a8 ae cf 9f 05 da 00 00 18 00 39 | ..'G...........9 30: 00 38 00 35 00 33 00 32 00 04 00 05 00 2f 00 16 | .8.5.3.2...../.. 40: 00 13 fe ff 00 0a 01 00 00 65 00 00 00 1f 00 1d | .........e...... 50: 00 00 1a 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ...delta.dsdev.s 60: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 00 0a 00 | jc.redhat.com... 70: 34 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 | 4.2............. 80: 07 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e 00 | ................ 90: 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 | ................ a0: 17 00 18 00 19 00 0b 00 02 01 00 00 23 00 00 | ............#.. (175 bytes of 170) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 01 00 aa | ..... type = 22 (handshake) version = { 3,1 } length = 170 (0xaa) handshake { 0: 01 00 00 a6 | .... type = 1 (client_hello) length = 166 (0x0000a6) ClientHelloV3 { client_version = {3, 1} random = {...} 0: 49 e8 1b 14 24 bc 77 a7 2c 1f 23 b9 60 77 8c a5 | I...$.w.,.#.`w.. 10: 0b 2d 3e f1 5b e4 01 27 47 18 a8 ae cf 9f 05 da | .->.[..'G....... session ID = { length = 0 contents = {...} } cipher_suites[12] = { (0x0039) TLS/DHE-RSA/AES256-CBC/SHA (0x0038) TLS/DHE-DSS/AES256-CBC/SHA (0x0035) TLS/RSA/AES256-CBC/SHA (0x0033) TLS/DHE-RSA/AES128-CBC/SHA (0x0032) TLS/DHE-DSS/AES128-CBC/SHA (0x0004) SSL3/RSA/RC4-128/MD5 (0x0005) SSL3/RSA/RC4-128/SHA (0x002f) TLS/RSA/AES128-CBC/SHA (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA } compression[1] = { 00 } extensions[101] = { extension type server_name, length [31] = { 0: 00 1d 00 00 1a 64 65 6c 74 61 2e 64 73 64 65 76 | .....delta.dsdev 10: 2e 73 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d | .sjc.redhat.com } extension type elliptic_curves, length [52] = { 0: 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 07 | .2.............. 10: 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e 00 0f | ................ 20: 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 | ................ 30: 00 18 00 19 | .... } extension type ec_point_formats, length [2] = { 0: 01 00 | .. } extension type session_ticket, length [0] } } } } </font>] <-- [ <font color=red> 0: 16 03 01 07 bd 02 00 00 46 03 01 49 e7 b9 07 3d | ........F..I...= 10: 96 23 75 66 37 4f ee ad aa 6f 0d 83 bc d3 aa 98 | .#uf7O...o...... 20: f1 41 ea ed 9e 5b 87 29 18 d9 94 20 2f 64 49 eb | .A...[.)... /dI. 30: f7 2b 88 8b 82 46 56 5f 88 45 8b 91 36 28 60 86 | .+...FV_.E..6(`. 40: 27 b6 d2 63 4e 90 ba d6 9c d4 a2 01 00 04 00 0b | '..cN........... 50: 00 07 6b 00 07 68 00 03 a6 30 82 03 a2 30 82 02 | ..k..h...0...0.. 60: 8a a0 03 02 01 02 02 01 03 30 0d 06 09 2a 86 48 | .........0...*.H 70: 86 f7 0d 01 01 05 05 00 30 46 31 24 30 22 06 03 | ........0F1$0".. 80: 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 64 | U....DsdevSjcRed 90: 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 61 | hat Domain delta a0: 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 69 | 1.0...U....Certi b0: 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 | ficate Authority c0: 30 1e 17 0d 30 39 30 34 31 36 31 37 32 34 31 31 | 0...090416172411 d0: 5a 17 0d 31 31 30 34 30 36 31 37 32 34 31 31 5a | Z..110406172411Z e0: 30 4b 31 24 30 22 06 03 55 04 0a 13 1b 44 73 64 | 0K1$0"..U....Dsd f0: 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d 61 | evSjcRedhat Doma 100: 69 6e 20 64 65 6c 74 61 31 23 30 21 06 03 55 04 | in delta1#0!..U. 110: 03 13 1a 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ...delta.dsdev.s 120: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 30 82 01 | jc.redhat.com0.. 130: 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 | "0...*.H........ 140: 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 30 | .....0.........0 150: 45 4f 53 eb 0c f1 2f fc 6c 74 e6 4a 53 e7 fe f6 | EOS.../.lt.JS... 160: 77 2e 5b 30 c1 94 97 51 5e c2 e6 5c 80 f3 0e a6 | w.[0...Q^..\.... 170: 37 5a da 58 2d 63 ff ff 14 e5 f8 72 0e e2 b3 9f | 7Z.X-c.....r.... 180: 07 8a a1 cd 74 b3 be 52 5d 6b 2d 45 93 d8 9a 83 | ....t..R]k-E.... 190: 55 2b 86 a8 1f e4 ef dd d6 25 67 1f d5 6d 97 05 | U+.......%g..m.. 1a0: da a3 51 c9 02 8b 4f a6 87 e9 78 f9 43 78 db 2e | ..Q...O...x.Cx.. 1b0: 4c bc ed 16 d7 97 4c 5e 2e d7 c8 23 7c 14 40 0a | L.....L^...#|.@. 1c0: 91 47 2d 44 cd 84 5a e5 96 49 aa 3e 0a 70 b0 1c | .G-D..Z..I.>.p.. 1d0: 78 b5 d9 96 31 db a4 2f 7b f4 f1 e3 06 19 51 44 | x...1../{.....QD 1e0: db 42 f6 0e 28 d5 12 75 3f 59 cd 5e 60 17 26 a7 | .B..(..u?Y.^`.&. 1f0: f8 99 0c d4 c4 55 6e b9 3e 92 52 7a ea 95 fb 82 | .....Un.>.Rz.... 200: 09 93 08 c6 68 64 7f 58 67 90 2d e3 ad 9b a2 91 | ....hdXg.-..... 210: cf 14 75 8b 3f 57 96 d0 4d cc 6a e3 6a 62 00 8a | ..u.?W..M.j.jb.. 220: 0d 11 41 80 a4 48 1b 0c 78 f5 cd c6 5f fe 6d 7d | ..A..H..x..._.m} 230: 8d 6c ac af fe c3 dd 65 b5 e2 ff 62 80 fd 98 1b | .l.....e...b.... 240: 0e 96 31 18 92 6d e4 9a 55 5d d4 40 92 81 02 03 | ..1..m..U].@.... 250: 01 00 01 a3 81 95 30 81 92 30 1f 06 03 55 1d 23 | ......0..0...U.# 260: 04 18 30 16 80 14 76 1e c5 f9 4a 32 93 43 41 c8 | ..0...v...J2.CA. 270: 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a 06 08 2b 06 | ,.V...-j,00J..+. 280: 01 05 05 07 01 01 04 3e 30 3c 30 3a 06 08 2b 06 | .......>0<0:..+. 290: 01 05 05 07 30 01 86 2e 68 74 74 70 3a 2f 2f 64 | ....0...http://d 2a0: 65 6c 74 61 2e 64 73 64 65 76 2e 73 6a 63 2e 72 | elta.dsdev.sjc.r 2b0: 65 64 68 61 74 2e 63 6f 6d 3a 39 31 38 30 2f 63 | edhat.com:9180/c 2c0: 61 2f 6f 63 73 70 30 0e 06 03 55 1d 0f 01 01 ff | a/ocsp0...U..... 2d0: 04 04 03 02 04 f0 30 13 06 03 55 1d 25 04 0c 30 | ......0...U.%..0 2e0: 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a | ...+.......0...* 2f0: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 2c | .H............., 300: cc 8c 20 77 93 a5 1f 99 27 27 12 41 6c 2a b4 de | .. w....''.Al*.. 310: 1f 62 c8 da 28 f2 0a d3 34 6f db 59 0e 33 60 76 | .b..(...4o.Y.3`v 320: fe 86 4a 3d e3 f4 e5 b7 1a 34 f5 2e d8 1d 1f 82 | ..J=.....4...... 330: a0 ad 77 c5 1e a6 9d 12 56 33 4a a4 85 c4 52 9e | ..w.....V3J...R. 340: dc 14 5a b8 1f 53 25 6e 34 f0 bd 8f 6d 49 e2 6a | ..Z..S%n4...mI.j 350: c3 c9 32 13 ff 38 c2 61 03 42 8c 1d d2 0c b4 21 | ..2..8.a.B.....! 360: 87 b6 a0 aa 9b 9d c4 db f0 b7 73 bf 85 c6 7b f4 | ..........s...{. 370: 04 90 65 84 7f 73 f7 f4 be f0 03 cb 68 eb 1e d2 | ..e.s......h... 380: 7b 80 0d 81 d0 9c c3 47 67 bc 43 96 80 a6 96 92 | {......Gg.C..... 390: e3 87 b4 5f 5c bb fc 88 8c 65 54 3a d3 7e bf 66 | ..._\....eT:.~.f 3a0: cc 17 bc 0f a8 76 c7 2f 09 bf 73 31 7a 23 b7 7e | .....v./..s1z#.~ 3b0: 95 fe 4d 8a bb b2 9f ea 36 53 12 c3 ab 9a f8 74 | ..M.....6S.....t 3c0: ef f0 99 66 a4 1b 7a de e4 eb f6 79 d1 f8 0b 0a | ...f..z....y.... 3d0: 40 e1 b0 96 50 c4 86 88 1d 7b 8d 97 5c ee e9 35 | @...P....{..\..5 3e0: ad 70 de d1 51 05 1e ff c0 20 14 c4 49 cf dd b3 | .p..Q.... ..I... 3f0: 7e d8 38 a3 88 93 9e 04 bb 80 c7 57 2a 5d 10 00 | ~.8........W*].. 400: 03 bc 30 82 03 b8 30 82 02 a0 a0 03 02 01 02 02 | ..0...0......... 410: 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 | ..0...*.H....... 420: 00 30 46 31 24 30 22 06 03 55 04 0a 13 1b 44 73 | .0F1$0"..U....Ds 430: 64 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d | devSjcRedhat Dom 440: 61 69 6e 20 64 65 6c 74 61 31 1e 30 1c 06 03 55 | ain delta1.0...U 450: 04 03 13 15 43 65 72 74 69 66 69 63 61 74 65 20 | ....Certificate 460: 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 39 30 | Authority0...090 470: 34 31 36 31 37 32 34 31 30 5a 17 0d 31 31 30 34 | 416172410Z..1104 480: 30 36 31 37 32 34 31 30 5a 30 46 31 24 30 22 06 | 06172410Z0F1$0". 490: 03 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 | .U....DsdevSjcRe 4a0: 64 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 | dhat Domain delt 4b0: 61 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 | a1.0...U....Cert 4c0: 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 | ificate Authorit 4d0: 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 | y0.."0...*.H.... 4e0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 | .........0...... 4f0: 01 00 df 53 9f 4a 8d b8 c8 f0 6b cd 8b 2f f0 ac | ...S.J....k../.. 500: a7 22 09 4b a8 1a c3 70 4e e0 ab 65 4d f8 da c3 | .".K...pN..eM... 510: 7d b4 0e bf 07 d5 b4 40 19 82 89 b4 e9 ce 81 5e | }......@.......^ 520: 4b b7 da f9 10 9e 28 62 0d 64 98 6b d1 eb c4 c1 | K.....(b.d.k.... 530: d2 80 7e 48 81 22 e4 ff f8 04 0b 1d 61 d4 22 86 | ..~H."......a.". 540: 92 2b 1e d1 d7 4f 75 17 ff 7e 57 dc f2 fc de 6a | .+...Ou..~W....j 550: 19 4d 3d c8 9b 27 80 e2 cc 2a 9c 37 5c 77 b2 b9 | .M=..'...*.7\w.. 560: 86 cc a9 db fc d4 e0 69 48 3b 7a 55 e7 2f 12 bc | .......iH;zU./.. 570: 9d 10 5d d9 92 62 99 6a 77 e4 96 b4 7f e0 aa 2d | ..]..b.jw.....- 580: 94 9c 19 0c 9b 3e 08 b1 ff 7b eb c9 5d 92 e6 b9 | .....>...{..]... 590: 7f b3 21 08 e9 5b e3 ea 68 2a 36 10 b0 56 9c 1e | .!..[..h*6..V.. 5a0: 54 61 6b 12 1c b3 ba 49 ee d2 9d b7 e5 e7 2a 32 | Tak....I......*2 5b0: 7a 4a 26 2e 04 1b e6 98 4d cf 8c 38 44 1c fa 56 | zJ&.....M..8D..V 5c0: 87 a2 1b 8d d8 d6 27 84 bc ff ed ac ad 5c 27 5d | ......'......\'] 5d0: ff 4f 99 26 df ad 4a 64 cb c8 61 55 17 e0 e5 3d | .O.&..Jd..aU...= 5e0: f7 d8 2b a5 ce c1 73 93 81 23 2b 85 30 f8 19 32 | ..+...s..#+.0..2 5f0: 99 61 02 03 01 00 01 a3 81 b0 30 81 ad 30 1f 06 | .a........0..0.. 600: 03 55 1d 23 04 18 30 16 80 14 76 1e c5 f9 4a 32 | .U.#..0...v...J2 610: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 0f | .CA.,.V...-j,00. 620: 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 | ..U.......0....0 630: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 c6 30 | ...U...........0 640: 1d 06 03 55 1d 0e 04 16 04 14 76 1e c5 f9 4a 32 | ...U......v...J2 650: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a | .CA.,.V...-j,00J 660: 06 08 2b 06 01 05 05 07 01 01 04 3e 30 3c 30 3a | ..+........>0<0: 670: 06 08 2b 06 01 05 05 07 30 01 86 2e 68 74 74 70 | ..+.....0...http 680: 3a 2f 2f 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ://delta.dsdev.s 690: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 3a 39 31 | jc.redhat.com:91 6a0: 38 30 2f 63 61 2f 6f 63 73 70 30 0d 06 09 2a 86 | 80/ca/ocsp0...*. 6b0: 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 37 87 | H.............7. 6c0: bd a0 3a ad b8 8a ff 7c ae 12 6c eb 81 06 38 81 | ..:....|..l...8. 6d0: b7 3a 1d 55 7d fe e8 34 5f ca 85 b7 33 57 d7 bf | .:.U}..4_...3W.. 6e0: 7b 15 7a d6 0d 85 1a fc 23 ea 12 f2 a0 b7 19 50 | {.z.....#......P 6f0: 27 a5 f7 c0 6c 49 27 94 17 18 ef 74 c3 37 a2 f9 | '...lI'....t.7.. 700: c8 41 f9 60 47 3b 81 2e e4 5c ef 52 06 91 e9 0a | .A.`G;...\.R.... 710: 64 b1 47 1f 7d 2f 18 68 ec d8 6a fa 0e 38 4f 91 | d.G.}/.h..j..8O. 720: bc 9b d2 47 f3 46 0c de 71 1a 34 20 68 62 79 57 | ...G.F..q.4 hbyW 730: c9 f2 f5 0c c8 ae 1c bd 48 5c e3 8e ad 8d b0 fd | ........H\...... 740: 68 92 69 a0 04 5d f6 48 f9 0e 99 57 f0 bf 7a 32 | h.i..].H...W..z2 750: 9d 9c 6f db 97 f5 ca 32 ce d1 64 f0 60 ba d2 4d | ..o....2..d.`..M 760: 2b 5b 1a b5 54 ec e6 30 fd d4 67 1c c6 49 64 aa | +[..T..0..g..Id. 770: 8d b8 bb f5 32 66 a5 a6 97 f4 fc eb c9 74 7d 72 | ....2f.......t}r 780: 89 ed e0 9a 2a 2f 4c 4d 78 06 3a 2f c4 2f 13 0f | ....*/LMx.:/./.. 790: ff 4b 36 c3 e4 dd 53 cf a5 54 9f b7 1f 0a 7b 88 | .K6...S..T....{. 7a0: 3d 37 ee 5a 98 fb 6c 3d e5 96 ac be 1e 24 19 ec | =7.Z..l=.....$.. 7b0: 87 ad 6c e5 40 6c b0 76 31 ea ce 1a 96 cc 0e 00 | ..l........ 7c0: 00 00 | .. (1986 bytes of 1981) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 01 07 bd | ..... type = 22 (handshake) version = { 3,1 } length = 1981 (0x7bd) handshake { 0: 02 00 00 46 | ...F type = 2 (server_hello) length = 70 (0x000046) ServerHello { server_version = {3, 1} random = {...} 0: 49 e7 b9 07 3d 96 23 75 66 37 4f ee ad aa 6f 0d | I...=.#uf7O...o. 10: 83 bc d3 aa 98 f1 41 ea ed 9e 5b 87 29 18 d9 94 | ......A...[.)... session ID = { length = 32 contents = {...} 0: 2f 64 49 eb f7 2b 88 8b 82 46 56 5f 88 45 8b 91 | /dI..+...FV_.E.. 10: 36 28 60 86 27 b6 d2 63 4e 90 ba d6 9c d4 a2 01 | 6(`.'..cN....... } cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5 compression method = 00 } 0: 0b 00 07 6b | ...k type = 11 (certificate) length = 1899 (0x00076b) CertificateChain { chainlength = 1896 (0x0768) Certificate { size = 934 (0x03a6) data = { saved in file 'cert.001' } } Certificate { size = 956 (0x03bc) data = { saved in file 'cert.002' } } } 0: 0e 00 00 00 | .... type = 14 (server_hello_done) length = 0 (0x000000) } } </font>] --> [ <font color=blue> 0: 16 03 01 01 06 10 00 01 02 01 00 17 5a 07 4c d0 | ............Z.L. 10: d4 a3 a9 0a d5 fd 0e 9c 92 96 4b cd 50 45 46 66 | ..........K.PEFf 20: ce f3 a6 34 5b 9b 7a 5f e2 31 e5 6c 21 bf 4d 7c | ...4[.z_.1.l!.M| 30: 30 eb 5b c9 9d 0b be 31 e5 53 22 e0 34 fd b4 29 | 0.[....1.S".4..) 40: 28 d1 73 5a fe 70 19 24 2f dc 1b b9 9d b5 4a c3 | (.sZ.p.$/.....J. 50: 51 1f af 1c ef c2 85 4e 4e 3e 9c bf 2f 0a d1 1d | Q......NN>../... 60: 8c cc 69 19 04 50 26 97 88 95 64 92 b2 af 64 54 | ..i..P&...d...dT 70: c1 e6 97 58 1a c2 1b fd bc 87 d6 c5 e8 cf 89 27 | ...X...........' 80: 88 66 db 31 11 b1 da fb 00 09 bf c4 af a3 93 96 | .f.1............ 90: 32 fc 40 67 84 7e bb a1 31 01 32 b4 8f d1 ed 08 | 2.@g.~..1.2..... a0: 9d 76 d9 ec 97 b6 9d fa 6b dc f1 93 d5 ea b8 c0 | .v......k....... b0: b6 1f 41 70 0c a2 a2 e9 ab 16 14 37 a4 51 d9 b7 | ..Ap.......7.Q.. c0: 19 15 a3 8b 25 78 ba c0 70 62 0f 04 86 0c af a9 | ....%x..pb...... d0: 00 ee f4 23 14 fc 3f 14 4a c2 60 b2 c0 44 5e 16 | ...#..?.J.`..D^. e0: 6b c3 bd c3 1c 97 07 05 ce b0 83 a9 36 4e 9a 19 | k...........6N.. f0: 08 ad bc 28 b2 80 46 44 07 3b bb a2 fd 2c 85 7c | ...(..FD.;...,.| 100: 4e 33 21 5a 4b 20 e1 38 56 99 ed 14 03 01 00 01 | N3!ZK .8V....... 110: 01 16 03 01 00 20 04 3f ce 1a 74 be 80 cf 6c 82 | ..... .?..t...l. 120: fb 1b ce 2d 9e db f1 44 cf 09 33 f2 ba a7 dd 26 | ...-...D..3....& 130: 49 64 5d a0 7b 1c | Id].{. (310 bytes of 262, with 43 left over) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 01 01 06 | ..... type = 22 (handshake) version = { 3,1 } length = 262 (0x106) handshake { 0: 10 00 01 02 | .... type = 16 (client_key_exchange) length = 258 (0x000102) ClientKeyExchange { message = {...} } } } (310 bytes of 1, with 37 left over) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 14 03 01 00 01 | ..... type = 20 (change_cipher_spec) version = { 3,1 } length = 1 (0x1) 0: 01 | . } (310 bytes of 32) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 01 00 20 | .... type = 22 (handshake) version = { 3,1 } length = 32 (0x20) < encrypted > } </font>] <-- [ <font color=red> 0: 15 03 01 00 02 02 14 | ....... (7 bytes of 2) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 15 03 01 00 02 | ..... type = 21 (alert) version = { 3,1 } length = 2 (0x2) fatal: bad_record_mac 0: 02 14 | .. } </font>] Read EOF on Server socket. [Thu Apr 16 16:02:31 2009] Read EOF on Client socket. [Thu Apr 16 16:02:31 2009] Connection 1 Complete [Thu Apr 16 16:02:31 2009] <p><HR><H2>Connection #2 [Thu Apr 16 16:02:31 2009] </H2>Connected to delta.dsdev.sjc.redhat.com:9443 --> [ <font color=blue> 0: 80 3d 01 03 00 00 24 00 00 00 10 00 00 39 00 00 | .=....$......9.. 10: 38 00 00 35 00 00 33 00 00 32 00 00 04 00 00 05 | 8..5..3..2...... 20: 00 00 2f 00 00 16 00 00 13 00 fe ff 00 00 0a 53 | ../............S 30: 9c 0a 2e bd 1f 65 22 70 00 6a a0 6f 7f 12 e9 | .....e"p.j.o.. alloclen = 63 bytes (63 bytes of 63) [Thu Apr 16 16:02:31 2009] [ssl2] ClientHelloV2 { version = {0x03, 0x00} cipher-specs-length = 36 (0x24) sid-length = 0 (0x00) challenge-length = 16 (0x10) cipher-suites = { (0x000039) TLS/DHE-RSA/AES256-CBC/SHA (0x000038) TLS/DHE-DSS/AES256-CBC/SHA (0x000035) TLS/RSA/AES256-CBC/SHA (0x000033) TLS/DHE-RSA/AES128-CBC/SHA (0x000032) TLS/DHE-DSS/AES128-CBC/SHA (0x000004) SSL3/RSA/RC4-128/MD5 (0x000005) SSL3/RSA/RC4-128/SHA (0x00002f) TLS/RSA/AES128-CBC/SHA (0x000016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA (0x000013) SSL3/DHE-DSS/DES192EDE3CBC/SHA (0x00feff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA } session-id = { } challenge = { 0x539c 0x0a2e 0xbd1f 0x6522 0x7000 0x6aa0 0x6f7f 0x12e9 } } </font>] <-- [ <font color=red> 0: 16 03 00 07 bd 02 00 00 46 03 00 49 e7 b9 07 29 | ........F..I...) 10: aa bc 0e 3f fb dd 21 c3 f2 f7 d2 81 e0 76 36 da | ...?..!......v6. 20: 4e e9 60 fe df c7 f5 57 12 41 cd 20 2f 64 8b f7 | N.`....W.A. /d.. 30: 8d c8 47 75 3c 43 fb 29 04 32 8c 3f 06 b9 d1 7d | ..Gu<C.).2.?...} 40: 24 92 24 cf e8 42 03 84 2d 90 99 fd 00 04 00 0b | $.$..B..-....... 50: 00 07 6b 00 07 68 00 03 a6 30 82 03 a2 30 82 02 | ..k..h...0...0.. 60: 8a a0 03 02 01 02 02 01 03 30 0d 06 09 2a 86 48 | .........0...*.H 70: 86 f7 0d 01 01 05 05 00 30 46 31 24 30 22 06 03 | ........0F1$0".. 80: 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 64 | U....DsdevSjcRed 90: 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 61 | hat Domain delta a0: 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 69 | 1.0...U....Certi b0: 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 | ficate Authority c0: 30 1e 17 0d 30 39 30 34 31 36 31 37 32 34 31 31 | 0...090416172411 d0: 5a 17 0d 31 31 30 34 30 36 31 37 32 34 31 31 5a | Z..110406172411Z e0: 30 4b 31 24 30 22 06 03 55 04 0a 13 1b 44 73 64 | 0K1$0"..U....Dsd f0: 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d 61 | evSjcRedhat Doma 100: 69 6e 20 64 65 6c 74 61 31 23 30 21 06 03 55 04 | in delta1#0!..U. 110: 03 13 1a 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ...delta.dsdev.s 120: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 30 82 01 | jc.redhat.com0.. 130: 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 | "0...*.H........ 140: 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 30 | .....0.........0 150: 45 4f 53 eb 0c f1 2f fc 6c 74 e6 4a 53 e7 fe f6 | EOS.../.lt.JS... 160: 77 2e 5b 30 c1 94 97 51 5e c2 e6 5c 80 f3 0e a6 | w.[0...Q^..\.... 170: 37 5a da 58 2d 63 ff ff 14 e5 f8 72 0e e2 b3 9f | 7Z.X-c.....r.... 180: 07 8a a1 cd 74 b3 be 52 5d 6b 2d 45 93 d8 9a 83 | ....t..R]k-E.... 190: 55 2b 86 a8 1f e4 ef dd d6 25 67 1f d5 6d 97 05 | U+.......%g..m.. 1a0: da a3 51 c9 02 8b 4f a6 87 e9 78 f9 43 78 db 2e | ..Q...O...x.Cx.. 1b0: 4c bc ed 16 d7 97 4c 5e 2e d7 c8 23 7c 14 40 0a | L.....L^...#|.@. 1c0: 91 47 2d 44 cd 84 5a e5 96 49 aa 3e 0a 70 b0 1c | .G-D..Z..I.>.p.. 1d0: 78 b5 d9 96 31 db a4 2f 7b f4 f1 e3 06 19 51 44 | x...1../{.....QD 1e0: db 42 f6 0e 28 d5 12 75 3f 59 cd 5e 60 17 26 a7 | .B..(..u?Y.^`.&. 1f0: f8 99 0c d4 c4 55 6e b9 3e 92 52 7a ea 95 fb 82 | .....Un.>.Rz.... 200: 09 93 08 c6 68 64 7f 58 67 90 2d e3 ad 9b a2 91 | ....hdXg.-..... 210: cf 14 75 8b 3f 57 96 d0 4d cc 6a e3 6a 62 00 8a | ..u.?W..M.j.jb.. 220: 0d 11 41 80 a4 48 1b 0c 78 f5 cd c6 5f fe 6d 7d | ..A..H..x..._.m} 230: 8d 6c ac af fe c3 dd 65 b5 e2 ff 62 80 fd 98 1b | .l.....e...b.... 240: 0e 96 31 18 92 6d e4 9a 55 5d d4 40 92 81 02 03 | ..1..m..U].@.... 250: 01 00 01 a3 81 95 30 81 92 30 1f 06 03 55 1d 23 | ......0..0...U.# 260: 04 18 30 16 80 14 76 1e c5 f9 4a 32 93 43 41 c8 | ..0...v...J2.CA. 270: 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a 06 08 2b 06 | ,.V...-j,00J..+. 280: 01 05 05 07 01 01 04 3e 30 3c 30 3a 06 08 2b 06 | .......>0<0:..+. 290: 01 05 05 07 30 01 86 2e 68 74 74 70 3a 2f 2f 64 | ....0...http://d 2a0: 65 6c 74 61 2e 64 73 64 65 76 2e 73 6a 63 2e 72 | elta.dsdev.sjc.r 2b0: 65 64 68 61 74 2e 63 6f 6d 3a 39 31 38 30 2f 63 | edhat.com:9180/c 2c0: 61 2f 6f 63 73 70 30 0e 06 03 55 1d 0f 01 01 ff | a/ocsp0...U..... 2d0: 04 04 03 02 04 f0 30 13 06 03 55 1d 25 04 0c 30 | ......0...U.%..0 2e0: 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a | ...+.......0...* 2f0: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 2c | .H............., 300: cc 8c 20 77 93 a5 1f 99 27 27 12 41 6c 2a b4 de | .. w....''.Al*.. 310: 1f 62 c8 da 28 f2 0a d3 34 6f db 59 0e 33 60 76 | .b..(...4o.Y.3`v 320: fe 86 4a 3d e3 f4 e5 b7 1a 34 f5 2e d8 1d 1f 82 | ..J=.....4...... 330: a0 ad 77 c5 1e a6 9d 12 56 33 4a a4 85 c4 52 9e | ..w.....V3J...R. 340: dc 14 5a b8 1f 53 25 6e 34 f0 bd 8f 6d 49 e2 6a | ..Z..S%n4...mI.j 350: c3 c9 32 13 ff 38 c2 61 03 42 8c 1d d2 0c b4 21 | ..2..8.a.B.....! 360: 87 b6 a0 aa 9b 9d c4 db f0 b7 73 bf 85 c6 7b f4 | ..........s...{. 370: 04 90 65 84 7f 73 f7 f4 be f0 03 cb 68 eb 1e d2 | ..e.s......h... 380: 7b 80 0d 81 d0 9c c3 47 67 bc 43 96 80 a6 96 92 | {......Gg.C..... 390: e3 87 b4 5f 5c bb fc 88 8c 65 54 3a d3 7e bf 66 | ..._\....eT:.~.f 3a0: cc 17 bc 0f a8 76 c7 2f 09 bf 73 31 7a 23 b7 7e | .....v./..s1z#.~ 3b0: 95 fe 4d 8a bb b2 9f ea 36 53 12 c3 ab 9a f8 74 | ..M.....6S.....t 3c0: ef f0 99 66 a4 1b 7a de e4 eb f6 79 d1 f8 0b 0a | ...f..z....y.... 3d0: 40 e1 b0 96 50 c4 86 88 1d 7b 8d 97 5c ee e9 35 | @...P....{..\..5 3e0: ad 70 de d1 51 05 1e ff c0 20 14 c4 49 cf dd b3 | .p..Q.... ..I... 3f0: 7e d8 38 a3 88 93 9e 04 bb 80 c7 57 2a 5d 10 00 | ~.8........W*].. 400: 03 bc 30 82 03 b8 30 82 02 a0 a0 03 02 01 02 02 | ..0...0......... 410: 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 | ..0...*.H....... 420: 00 30 46 31 24 30 22 06 03 55 04 0a 13 1b 44 73 | .0F1$0"..U....Ds 430: 64 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d | devSjcRedhat Dom 440: 61 69 6e 20 64 65 6c 74 61 31 1e 30 1c 06 03 55 | ain delta1.0...U 450: 04 03 13 15 43 65 72 74 69 66 69 63 61 74 65 20 | ....Certificate 460: 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 39 30 | Authority0...090 470: 34 31 36 31 37 32 34 31 30 5a 17 0d 31 31 30 34 | 416172410Z..1104 480: 30 36 31 37 32 34 31 30 5a 30 46 31 24 30 22 06 | 06172410Z0F1$0". 490: 03 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 | .U....DsdevSjcRe 4a0: 64 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 | dhat Domain delt 4b0: 61 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 | a1.0...U....Cert 4c0: 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 | ificate Authorit 4d0: 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 | y0.."0...*.H.... 4e0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 | .........0...... 4f0: 01 00 df 53 9f 4a 8d b8 c8 f0 6b cd 8b 2f f0 ac | ...S.J....k../.. 500: a7 22 09 4b a8 1a c3 70 4e e0 ab 65 4d f8 da c3 | .".K...pN..eM... 510: 7d b4 0e bf 07 d5 b4 40 19 82 89 b4 e9 ce 81 5e | }......@.......^ 520: 4b b7 da f9 10 9e 28 62 0d 64 98 6b d1 eb c4 c1 | K.....(b.d.k.... 530: d2 80 7e 48 81 22 e4 ff f8 04 0b 1d 61 d4 22 86 | ..~H."......a.". 540: 92 2b 1e d1 d7 4f 75 17 ff 7e 57 dc f2 fc de 6a | .+...Ou..~W....j 550: 19 4d 3d c8 9b 27 80 e2 cc 2a 9c 37 5c 77 b2 b9 | .M=..'...*.7\w.. 560: 86 cc a9 db fc d4 e0 69 48 3b 7a 55 e7 2f 12 bc | .......iH;zU./.. 570: 9d 10 5d d9 92 62 99 6a 77 e4 96 b4 7f e0 aa 2d | ..]..b.jw.....- 580: 94 9c 19 0c 9b 3e 08 b1 ff 7b eb c9 5d 92 e6 b9 | .....>...{..]... 590: 7f b3 21 08 e9 5b e3 ea 68 2a 36 10 b0 56 9c 1e | .!..[..h*6..V.. 5a0: 54 61 6b 12 1c b3 ba 49 ee d2 9d b7 e5 e7 2a 32 | Tak....I......*2 5b0: 7a 4a 26 2e 04 1b e6 98 4d cf 8c 38 44 1c fa 56 | zJ&.....M..8D..V 5c0: 87 a2 1b 8d d8 d6 27 84 bc ff ed ac ad 5c 27 5d | ......'......\'] 5d0: ff 4f 99 26 df ad 4a 64 cb c8 61 55 17 e0 e5 3d | .O.&..Jd..aU...= 5e0: f7 d8 2b a5 ce c1 73 93 81 23 2b 85 30 f8 19 32 | ..+...s..#+.0..2 5f0: 99 61 02 03 01 00 01 a3 81 b0 30 81 ad 30 1f 06 | .a........0..0.. 600: 03 55 1d 23 04 18 30 16 80 14 76 1e c5 f9 4a 32 | .U.#..0...v...J2 610: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 0f | .CA.,.V...-j,00. 620: 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 | ..U.......0....0 630: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 c6 30 | ...U...........0 640: 1d 06 03 55 1d 0e 04 16 04 14 76 1e c5 f9 4a 32 | ...U......v...J2 650: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a | .CA.,.V...-j,00J 660: 06 08 2b 06 01 05 05 07 01 01 04 3e 30 3c 30 3a | ..+........>0<0: 670: 06 08 2b 06 01 05 05 07 30 01 86 2e 68 74 74 70 | ..+.....0...http 680: 3a 2f 2f 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ://delta.dsdev.s 690: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 3a 39 31 | jc.redhat.com:91 6a0: 38 30 2f 63 61 2f 6f 63 73 70 30 0d 06 09 2a 86 | 80/ca/ocsp0...*. 6b0: 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 37 87 | H.............7. 6c0: bd a0 3a ad b8 8a ff 7c ae 12 6c eb 81 06 38 81 | ..:....|..l...8. 6d0: b7 3a 1d 55 7d fe e8 34 5f ca 85 b7 33 57 d7 bf | .:.U}..4_...3W.. 6e0: 7b 15 7a d6 0d 85 1a fc 23 ea 12 f2 a0 b7 19 50 | {.z.....#......P 6f0: 27 a5 f7 c0 6c 49 27 94 17 18 ef 74 c3 37 a2 f9 | '...lI'....t.7.. 700: c8 41 f9 60 47 3b 81 2e e4 5c ef 52 06 91 e9 0a | .A.`G;...\.R.... 710: 64 b1 47 1f 7d 2f 18 68 ec d8 6a fa 0e 38 4f 91 | d.G.}/.h..j..8O. 720: bc 9b d2 47 f3 46 0c de 71 1a 34 20 68 62 79 57 | ...G.F..q.4 hbyW 730: c9 f2 f5 0c c8 ae 1c bd 48 5c e3 8e ad 8d b0 fd | ........H\...... 740: 68 92 69 a0 04 5d f6 48 f9 0e 99 57 f0 bf 7a 32 | h.i..].H...W..z2 750: 9d 9c 6f db 97 f5 ca 32 ce d1 64 f0 60 ba d2 4d | ..o....2..d.`..M 760: 2b 5b 1a b5 54 ec e6 30 fd d4 67 1c c6 49 64 aa | +[..T..0..g..Id. 770: 8d b8 bb f5 32 66 a5 a6 97 f4 fc eb c9 74 7d 72 | ....2f.......t}r 780: 89 ed e0 9a 2a 2f 4c 4d 78 06 3a 2f c4 2f 13 0f | ....*/LMx.:/./.. 790: ff 4b 36 c3 e4 dd 53 cf a5 54 9f b7 1f 0a 7b 88 | .K6...S..T....{. 7a0: 3d 37 ee 5a 98 fb 6c 3d e5 96 ac be 1e 24 19 ec | =7.Z..l=.....$.. 7b0: 87 ad 6c e5 40 6c b0 76 31 ea ce 1a 96 cc 0e 00 | ..l........ 7c0: 00 00 | .. (1986 bytes of 1981) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 00 07 bd | ..... type = 22 (handshake) version = { 3,0 } length = 1981 (0x7bd) handshake { 0: 02 00 00 46 | ...F type = 2 (server_hello) length = 70 (0x000046) ServerHello { server_version = {3, 0} random = {...} 0: 49 e7 b9 07 29 aa bc 0e 3f fb dd 21 c3 f2 f7 d2 | I...)...?..!.... 10: 81 e0 76 36 da 4e e9 60 fe df c7 f5 57 12 41 cd | ..v6.N.`....W.A. session ID = { length = 32 contents = {...} 0: 2f 64 8b f7 8d c8 47 75 3c 43 fb 29 04 32 8c 3f | /d....Gu<C.).2.? 10: 06 b9 d1 7d 24 92 24 cf e8 42 03 84 2d 90 99 fd | ...}$.$..B..-... } cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5 compression method = 00 } 0: 0b 00 07 6b | ...k type = 11 (certificate) length = 1899 (0x00076b) CertificateChain { chainlength = 1896 (0x0768) Certificate { size = 934 (0x03a6) data = { saved in file 'cert.003' } } Certificate { size = 956 (0x03bc) data = { saved in file 'cert.004' } } } 0: 0e 00 00 00 | .... type = 14 (server_hello_done) length = 0 (0x000000) } } </font>] --> [ <font color=blue> 0: 16 03 00 01 04 10 00 01 00 84 7f 68 e8 2f 63 c1 | ..........h./c. 10: 12 16 39 d2 48 3d 68 c8 39 34 22 df 17 77 2f 58 | ..9.H=h.94"..w/X 20: 59 9b 0a 05 14 d3 4c 03 b7 92 ec c0 87 f8 28 52 | Y.....L.......(R 30: 67 48 80 90 be 2c d6 74 85 96 bf 2e a7 1a 08 5e | gH...,.t.......^ 40: 61 2a 1b 7f 63 3b 8a 6b d3 1c 8f 96 fc a0 a3 7a | a*.c;.k.......z 50: 59 81 93 6e 18 19 2f 38 98 19 5c bc 52 69 1d 2b | Y..n../8..\.Ri.+ 60: bc d4 56 81 c5 83 fa 0b 40 32 50 f7 a2 1c 98 c9 | ..V.....@2P..... 70: 03 c1 f7 6e 1b 0d 98 2f 5b 7a 84 94 43 c5 8d 08 | ...n.../[z..C... 80: d9 ef 0d 2c ee 92 7c 30 4c 65 02 0c c6 f0 43 23 | ...,..|0Le....C# 90: cf 7f dc bb 98 91 10 19 5d cb c2 67 51 ae d3 0c | .......]..gQ... a0: f7 61 e2 cc 7d c8 cd 6c 0b b6 0e ab 6f 9f de 78 | .a..}..l....o..x b0: ef e2 23 12 18 4b 03 42 27 4b 86 03 2b 72 e7 e9 | ..#..K.B'K..+r.. c0: 67 10 54 02 a5 15 c8 18 8c cf e2 d7 e7 1e cc 1c | g.T............. d0: 4e b7 53 b6 ea 23 6e b9 29 df e9 6b 40 55 6b 5d | N.S..#n.)..k@Uk] e0: 58 61 1b c7 c7 7c 8e a6 b7 19 8e c9 2b 52 de 90 | Xa...|......+R.. f0: 3a 18 72 17 1b cb b6 7d 92 89 0b 5b 30 29 f8 0c | :.r....}...[0).. 100: 27 42 bc 7a 9d b6 bf c4 5f 14 03 00 00 01 01 16 | 'B.z...._....... 110: 03 00 00 38 e2 ca 0f fd 27 7d 7f f4 77 8b 66 34 | ...8....'}.w.f4 120: b5 61 06 8b 4a d0 ce 0e 68 9d c1 90 76 0f e3 53 | .a..J...h...v..S 130: f8 09 ba d1 d8 48 07 df 2d 84 47 9f 64 e2 74 79 | .....H..-.G.d.ty 140: f2 64 fa 3f 97 71 78 66 f2 b2 d0 6a | .d.?.qxf...j (332 bytes of 260, with 67 left over) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 00 01 04 | ..... type = 22 (handshake) version = { 3,0 } length = 260 (0x104) handshake { 0: 10 00 01 00 | .... type = 16 (client_key_exchange) length = 256 (0x000100) ClientKeyExchange { message = {...} } } } (332 bytes of 1, with 61 left over) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 14 03 00 00 01 | ..... type = 20 (change_cipher_spec) version = { 3,0 } length = 1 (0x1) 0: 01 | . } (332 bytes of 56) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 16 03 00 00 38 | ....8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) < encrypted > } </font>] <-- [ <font color=red> 0: 15 03 00 00 02 02 14 | ....... (7 bytes of 2) SSLRecord { [Thu Apr 16 16:02:31 2009] 0: 15 03 00 00 02 | ..... type = 21 (alert) version = { 3,0 } length = 2 (0x2) fatal: bad_record_mac 0: 02 14 | .. } </font>] Read EOF on Server socket. [Thu Apr 16 16:02:31 2009] Read EOF on Client socket. [Thu Apr 16 16:02:31 2009] Connection 2 Complete [Thu Apr 16 16:02:31 2009]
I tried this and confirmed what you saw, Chandra. The port on the Done page now appears to be okay, but clicking on it will get mac error. And guess what? I took Ade's wild suggestion and use the ee port instead, and it works. Am I allowed to say that this is freakily screwy?
In debugging this issue, I encountered the following: * the name of the instance and ALL of the ports must be unique values * the name of the Security Domain MUST be changed away from the default value * the name of the Subsystem Type MUST be changed to be a unique string The error encountered is that on the Import CA's Certificate Chain panel, the Trust Dialog will not pop-up resulting in an inability to complete the configuration.
Jack and I were able to get rid of the "bad MAC" error by replacing 'clientAuth="agent"' with 'clientAuth="true"' in the "Agent" Connector section of the /var/lib/<instance>/conf/server.xml file. However, there are still existing port issues, and also, we are now experiencing the following error instead of the "bad MAC" issue: gamma.dsdev.sjc.redhat.com has received an incorrect or unexpected message. Error Code: -12227
Created attachment 340654 [details] Elimination of "bad MAC" Error
Created attachment 340655 [details] Elimination of "bad MAC" Error (spec files)
Attachments (id=340654) (id=340655) +jmagne .
cd pki/base % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/conf/server.xml M tks/shared/conf/server.xml M ocsp/shared/conf/server.xml M kra/shared/conf/server.xml % svn commit Sending base/ca/shared/conf/server.xml Sending base/kra/shared/conf/server.xml Sending base/ocsp/shared/conf/server.xml Sending base/tks/shared/conf/server.xml Transmitting file data .... Committed revision 409. cd pki/dogtag % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/pki-ca.spec M tks/pki-tks.spec M ocsp/pki-ocsp.spec M kra/pki-kra.spec % svn commit Sending dogtag/ca/pki-ca.spec Sending dogtag/kra/pki-kra.spec Sending dogtag/ocsp/pki-ocsp.spec Sending dogtag/tks/pki-tks.spec Transmitting file data .... Committed revision 410.
Created attachment 341613 [details] Make Installation Wizard use "admin" port; re-enable filters (phase 1)
Created attachment 341614 [details] Make Installation Wizard use "admin" port; re-enable filters (phase 1 - spec files)
Patch URLs were copied from Bugzilla Bug #492735.
Created attachment 342572 [details] Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc.
Created attachment 342573 [details] Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc. (dogtag + spec files)
Attachments (id=342572) (id=342573) (id=342574) +jmagne All this content already reviewed in the other bug that this bug refers to.
cd pki/base % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/webapps/ca/WEB-INF/web.xml M ca/shared/conf/CS.cfg M ca/shared/conf/server.xml M ca/shared/conf/schema.ldif M ca/shared/etc/init.d/httpd M migrate/80/schema-add.ldif M migrate/80/MigrateSecurityDomain.java M common/src/com/netscape/cms/authentication/TokenAuthentication.java M common/src/com/netscape/cms/servlet/csadmin/DonePanel.java M common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java M common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java M common/src/com/netscape/cms/servlet/csadmin/GetCookie.java M common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java M common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java M common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java M common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java M common/src/com/netscape/cms/servlet/csadmin/NamePanel.java M common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java M common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java M common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java M common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java M common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java M silent/src/tks/ConfigureTKS.java M silent/src/drm/ConfigureDRM.java M silent/src/ra/ConfigureRA.java M silent/src/ca/ConfigureCA.java M silent/src/ocsp/ConfigureOCSP.java M silent/src/tps/ConfigureTPS.java M silent/src/subca/ConfigureSubCA.java M setup/pkiremove M setup/pkicreate M tks/shared/webapps/tks/WEB-INF/web.xml M tks/shared/conf/CS.cfg M tks/shared/conf/server.xml M tks/shared/conf/schema.ldif M ra/doc/CS.cfg M ra/forms/index.cgi M ra/forms/ee/user/renewal.cgi M ra/lib/perl/PKI/RA/DonePanel.pm M ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm M ra/lib/perl/PKI/RA/AdminPanel.pm M ra/lib/perl/PKI/RA/DRMInfoPanel.pm M ra/lib/perl/PKI/RA/CAInfoPanel.pm M ra/lib/perl/PKI/RA/NamePanel.pm M ra/lib/perl/PKI/RA/SecurityDomainPanel.pm M ra/lib/perl/PKI/RA/SubsystemTypePanel.pm M ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm M ra/lib/perl/PKI/RA/SizePanel.pm M ra/lib/perl/PKI/RA/TKSInfoPanel.pm M ocsp/shared/webapps/ocsp/WEB-INF/web.xml M ocsp/shared/conf/CS.cfg M ocsp/shared/conf/server.xml M ocsp/shared/conf/schema.ldif M tps/doc/CS.cfg M tps/lib/perl/PKI/TPS/DonePanel.pm M tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm M tps/lib/perl/PKI/TPS/AdminPanel.pm M tps/lib/perl/PKI/TPS/DRMInfoPanel.pm M tps/lib/perl/PKI/TPS/CAInfoPanel.pm M tps/lib/perl/PKI/TPS/NamePanel.pm M tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm M tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm M tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm M tps/lib/perl/PKI/TPS/SizePanel.pm M tps/lib/perl/PKI/TPS/TKSInfoPanel.pm M kra/shared/webapps/kra/WEB-INF/web.xml M kra/shared/conf/CS.cfg M kra/shared/conf/server.xml M kra/shared/conf/schema.ldif % svn commit Sending base/ca/shared/conf/CS.cfg Sending base/ca/shared/conf/schema.ldif Sending base/ca/shared/conf/server.xml Sending base/ca/shared/etc/init.d/httpd Sending base/ca/shared/webapps/ca/WEB-INF/web.xml Sending base/common/src/com/netscape/cms/authentication/TokenAuthentication.java Sending base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java Sending base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java Sending base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java Sending base/kra/shared/conf/CS.cfg Sending base/kra/shared/conf/schema.ldif Sending base/kra/shared/conf/server.xml Sending base/kra/shared/webapps/kra/WEB-INF/web.xml Sending base/migrate/80/MigrateSecurityDomain.java Sending base/migrate/80/schema-add.ldif Sending base/ocsp/shared/conf/CS.cfg Sending base/ocsp/shared/conf/schema.ldif Sending base/ocsp/shared/conf/server.xml Sending base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml Sending base/ra/doc/CS.cfg Sending base/ra/forms/ee/user/renewal.cgi Sending base/ra/forms/index.cgi Sending base/ra/lib/perl/PKI/RA/AdminPanel.pm Sending base/ra/lib/perl/PKI/RA/CAInfoPanel.pm Sending base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm Sending base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm Sending base/ra/lib/perl/PKI/RA/DonePanel.pm Sending base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm Sending base/ra/lib/perl/PKI/RA/NamePanel.pm Sending base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm Sending base/ra/lib/perl/PKI/RA/SizePanel.pm Sending base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm Sending base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm Sending base/setup/pkicreate Sending base/setup/pkiremove Sending base/silent/src/ca/ConfigureCA.java Sending base/silent/src/drm/ConfigureDRM.java Sending base/silent/src/ocsp/ConfigureOCSP.java Sending base/silent/src/ra/ConfigureRA.java Sending base/silent/src/subca/ConfigureSubCA.java Sending base/silent/src/tks/ConfigureTKS.java Sending base/silent/src/tps/ConfigureTPS.java Sending base/tks/shared/conf/CS.cfg Sending base/tks/shared/conf/schema.ldif Sending base/tks/shared/conf/server.xml Sending base/tks/shared/webapps/tks/WEB-INF/web.xml Sending base/tps/doc/CS.cfg Sending base/tps/lib/perl/PKI/TPS/AdminPanel.pm Sending base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm Sending base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm Sending base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm Sending base/tps/lib/perl/PKI/TPS/DonePanel.pm Sending base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm Sending base/tps/lib/perl/PKI/TPS/NamePanel.pm Sending base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm Sending base/tps/lib/perl/PKI/TPS/SizePanel.pm Sending base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm Sending base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm Transmitting file data ..................................................................... Committed revision 431.
cd pki/dogtag % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm M tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm M tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm M tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm M tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm M tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm M tps-ui/dogtag-pki-tps-ui.spec M ca/pki-ca.spec M migrate/pki-migrate.spec M common/pki-common.spec A ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template A ca-ui/shared/webapps/ca/admin/ca/sendCookie.template D ca-ui/shared/webapps/ca/ee/ca/sendCookie.template D ca-ui/shared/webapps/ca/ee/ca/securitydomainlogin.template M ca-ui/dogtag-pki-ca-ui.spec M silent/pki-silent.spec M setup/pki-setup.spec M tks/pki-tks.spec M ra/pki-ra.spec M common-ui/dogtag-pki-common-ui.spec M common-ui/shared/admin/console/config/importcachainpanel.vm M common-ui/shared/admin/console/config/createsubsystempanel.vm M common-ui/shared/admin/console/config/securitydomainpanel.vm M common-ui/shared/admin/console/config/importadmincertpanel.vm M ocsp/pki-ocsp.spec M tps/pki-tps.spec M kra/pki-kra.spec M ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm M ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm M ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm M ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm M ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm M ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm M ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm M ra-ui/shared/docroot/index.vm M ra-ui/dogtag-pki-ra-ui.spec % svn commit Sending dogtag/ca/pki-ca.spec Sending dogtag/ca-ui/dogtag-pki-ca-ui.spec Adding dogtag/ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template Adding dogtag/ca-ui/shared/webapps/ca/admin/ca/sendCookie.template Deleting dogtag/ca-ui/shared/webapps/ca/ee/ca/securitydomainlogin.template Deleting dogtag/ca-ui/shared/webapps/ca/ee/ca/sendCookie.template Sending dogtag/common/pki-common.spec Sending dogtag/common-ui/dogtag-pki-common-ui.spec Sending dogtag/common-ui/shared/admin/console/config/createsubsystempanel.vm Sending dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm Sending dogtag/common-ui/shared/admin/console/config/importcachainpanel.vm Sending dogtag/common-ui/shared/admin/console/config/securitydomainpanel.vm Sending dogtag/kra/pki-kra.spec Sending dogtag/migrate/pki-migrate.spec Sending dogtag/ocsp/pki-ocsp.spec Sending dogtag/ra/pki-ra.spec Sending dogtag/ra-ui/dogtag-pki-ra-ui.spec Sending dogtag/ra-ui/shared/docroot/index.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm Sending dogtag/setup/pki-setup.spec Sending dogtag/silent/pki-silent.spec Sending dogtag/tks/pki-tks.spec Sending dogtag/tps/pki-tps.spec Sending dogtag/tps-ui/dogtag-pki-tps-ui.spec Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm Transmitting file data .................................. Committed revision 432.
Verified with build 06/04/2009. - installed/configured all subsystems ca,tks,tps,ra,ocsp,kra on nethsm2k with browser firefox 3 (latest on rhel 5.3 x86_64). - all agent certs are imported onto the browser. - this of course can happen only after the proper ca chain is imported. - and access to agent pages are fine.