Re: [Pki-users] (forwarded) Help needed on dogtag

Tuesday, 17 November 2009

On 11/17/2009 01:09 PM, John Dorovski wrote:
...
 It was not a typo. I did use the port number 9545. 
Ok. one idea would be to run the utility "ssltap" as a proxy
and using your browser to connect to the "ssltap" port and
pasting the output here so folks can see what's happening
during the SSL handshake.
http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html

On a Fedora 10 system, its packaged with nss-tools rpm.

Run ssltap like this...

ssltap -sfxl CA_HOSTNAME:CA_PORT

in your case, it will be

ssltap -sfxl localhost:9545

Then use a browser and connect to ssltap. ssltap
listens on port 1924. So on the browser type..

  https://localhost.localdomain:1924

ssltap will capture the results of the ssl handshake.

Copy and paste it here so we can tell what's happening
during that phase while you get the bad mac alert.

Thanks,
--Chandra

...

 John

 On Tue, Nov 17, 2009 at 3:51 PM, Adewumi, Julius-p99373 
 <Julius.Adewumi(a)gdc4s.com <mailto:Julius.Adewumi@gdc4s.com>> wrote:

     Unless it's a typo on your part, the two port numbers are different...
     Could that be the problem?
     8445  vs 9545

     From: Julius Adewumi
     @GDC4S.com
     Ph:480-441-6768
     Contract Corp:MTSI

     -----Original Message-----
     From: pki-users-bounces(a)redhat.com
     <mailto:pki-users-bounces@redhat.com>
     [mailto:pki-users-bounces@redhat.com
     <mailto:pki-users-bounces@redhat.com>]
     On Behalf Of Christina Fu
     Sent: Tuesday, November 17, 2009 12:56 PM
     To: pki-users(a)redhat.com <mailto:pki-users@redhat.com>
     Cc: johndorovski(a)googlemail.com <mailto:johndorovski@googlemail.com>
     Subject: [Pki-users] (forwarded) Help needed on dogtag

     I might have messed up when managing pki-users and this did not come
     through.  Hence the forward.
     Christina

     Subject:
     Help needed on dogtag
     From:
     John Dorovski <johndorovski(a)googlemail.com
     <mailto:johndorovski@googlemail.com>>
     Date:
     Tue, 17 Nov 2009 10:58:18 -0500

     To:
     pki-users(a)redhat.com <mailto:pki-users@redhat.com>

     Hi,

     I just installed a dogtag (1.2.0) instance on my Fedora 10 system.
     I used a SafeNet ProtectServer Gold HSM as keystore.
     The dogtag system installation and configuration were fine. No
     error was
     reported.
     All keys and certificates were generated inside the HSM.

     But when I tried to access the secure admin interface at
         https://localhost:localdomain:9545
     I got error message:
        Secure Connection Failed
        An error occurred during a connection to localhost.localdomain:8445
        SSL peer reports incorrect Message Authentication Code.
        (Error code: ssl_error_bad_mac_alert)

     I checked the server certificate (viewed it with IE on a Windows box).
     It seems fine.

     Does any body know what is wrong and how can I fix it?

     Thanks,

     John

     _______________________________________________
     Pki-users mailing list
     Pki-users(a)redhat.com <mailto:Pki-users@redhat.com>
     https://www.redhat.com/mailman/listinfo/pki-users

 _______________________________________________
 Pki-users mailing list
 Pki-users(a)redhat.com
 https://www.redhat.com/mailman/listinfo/pki-users

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-users] (forwarded) Help needed on dogtag