[Pki-users] (forwarded) Help needed on dogtag

Chandrasekar Kannan ckannan at redhat.com
Wed Nov 18 00:21:53 UTC 2009


On 11/17/2009 01:09 PM, John Dorovski wrote:
> It was not a typo. I did use the port number 9545.

OK, one idea would be to run the utility "ssltap" as a proxy,
use your browser to connect to the "ssltap" port, and
paste the output here so folks can see what's happening
during the SSL handshake.
http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html


On a Fedora 10 system, it's packaged with the nss-tools rpm.

Run ssltap like this...

ssltap -sfxl CA_HOSTNAME:CA_PORT

in your case, it will be

ssltap -sfxl localhost:9545

Then use a browser and connect to ssltap. ssltap
listens on port 1924. So on the browser type..

  https://localhost.localdomain:1924


ssltap will capture the results of the ssl handshake.

Copy and paste it here so we can tell what's happening
during that phase while you get the bad mac alert.

Thanks,
--Chandra



>
>
> John
>
> On Tue, Nov 17, 2009 at 3:51 PM, Adewumi, Julius-p99373
> <Julius.Adewumi at gdc4s.com> wrote:
>
>
>     Unless it's a typo on your part, the two port numbers are different...
>     Could that be the problem?
>     8445  vs 9545
>
>     From: Julius Adewumi
>     @GDC4S.com
>     Ph:480-441-6768
>     Contract Corp:MTSI
>
>
>     -----Original Message-----
>     From: pki-users-bounces at redhat.com
>     [mailto:pki-users-bounces at redhat.com]
>     On Behalf Of Christina Fu
>     Sent: Tuesday, November 17, 2009 12:56 PM
>     To: pki-users at redhat.com
>     Cc: johndorovski at googlemail.com
>     Subject: [Pki-users] (forwarded) Help needed on dogtag
>
>     I might have messed up when managing pki-users and this did not come
>     through.  Hence the forward.
>     Christina
>
>     Subject: Help needed on dogtag
>     From: John Dorovski <johndorovski at googlemail.com>
>     Date: Tue, 17 Nov 2009 10:58:18 -0500
>     To: pki-users at redhat.com
>
>
>     Hi,
>
>     I just installed a dogtag (1.2.0) instance on my Fedora 10 system.
>     I used a SafeNet ProtectServer Gold HSM as keystore.
>     The dogtag system installation and configuration were fine. No
>     error was reported.
>     All keys and certificates were generated inside the HSM.
>
>     But when I tried to access the secure admin interface at
>         https://localhost:localdomain:9545
>     I got error message:
>        Secure Connection Failed
>        An error occurred during a connection to localhost.localdomain:8445
>        SSL peer reports incorrect Message Authentication Code.
>        (Error code: ssl_error_bad_mac_alert)
>
>     I checked the server certificate (viewed it with IE on a Windows box).
>     It seems fine.
>
>     Does anybody know what is wrong and how I can fix it?
>
>     Thanks,
>
>     John
>
>     _______________________________________________
>     Pki-users mailing list
>     Pki-users at redhat.com <mailto:Pki-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/pki-users
>
>
>
>    
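
Added example, not part of the original thread and not ssltap's own code: Python that walks the TLS records in one direction of a captured handshake and reports any alerts, such as the bad_record_mac alert behind the ssl_error_bad_mac_alert message quoted above. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Record content types and a subset of alert codes from the TLS 1.0 spec (RFC 2246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate", 48: "unknown_ca"}

def parse_records(stream):
    """Yield (content_type, (major, minor), payload) per record in the stream."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError("unknown content type %d at offset %d" % (ctype, offset))
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body at offset %d" % offset)
        yield ctype, (major, minor), payload
        offset += 5 + length

def find_alerts(stream):
    """Return (level, description) for each alert sent in one direction."""
    alerts, encrypted = [], False
    for ctype, _version, payload in parse_records(stream):
        if ctype == 20:
            encrypted = True          # sender's later records are protected
        elif ctype == 21:
            if encrypted or len(payload) != 2:
                alerts.append(("encrypted", "unreadable without keys"))
            else:
                level, desc = payload[0], payload[1]
                alerts.append((ALERT_LEVELS.get(level, "level %d" % level),
                               ALERT_DESCRIPTIONS.get(desc, "alert %d" % desc)))
    return alerts

# Constructed server-to-client bytes: a ServerHelloDone handshake record,
# then a plaintext fatal alert 20 (the "bad mac alert" from the thread).
SAMPLE = bytes.fromhex("160301" "0004" "0e000000" "150301" "0002" "0214")

if __name__ == "__main__":
    for level, description in find_alerts(SAMPLE):
        print(level, description)
```

An alert that arrives before the sender's ChangeCipherSpec is readable in the capture; one sent afterwards is encrypted and only its presence can be reported.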
