problems with HTTPS-server, that use COMODO certificates
Carmen Sandiego on Wednesday, 09 December 2015 13:41:40
This is a very strange situation;
at this URL: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt
the issuing certificate can be loaded;
at my setup I'm using the AICCU daemon on a CentOS VM;
I'm using several Linux VMs which all use this one CentOS VM as IPv6 gate;
when running the following
wget http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt --no-proxy
on any of these Linux VMs this hangs; when doing this on the CentOS IPv6 gate this works;
running tracepath6 / traceroute6 on this CentOS IPv6 gate results in this:
1?: [LOCALHOST] pmtu 1280
1: gw-2005.mbx-01.si.sixxs.net 16.652ms
1: gw-2005.mbx-01.si.sixxs.net 17.403ms
2: simbx01.sixxs.net 15.077ms asymm 1
3: mx-mb1-te-1-2-0-v4.amis.net 17.305ms asymm 2
4: mx-mb1-te-1-3-1.amis.net 15.943ms asymm 3
5: mx-lj1-te-1-2-1.amis.net 17.990ms asymm 4
6: 2001:978:2:7e::1:1 24.888ms asymm 5
7: te0-0-2-2.rcr11.lju01.atlas.cogentco.com 18.810ms asymm 6
8: te0-7-0-1.ccr21.vie01.atlas.cogentco.com 24.772ms asymm 7
9: be2200.ccr21.muc03.atlas.cogentco.com 33.026ms asymm 8
10: be2228.ccr41.fra03.atlas.cogentco.com 37.799ms asymm 9
11: be2261.ccr41.ams03.atlas.cogentco.com 43.948ms asymm 10
12: be2182.ccr21.lpl01.atlas.cogentco.com 53.208ms asymm 11
13: be2190.ccr21.man01.atlas.cogentco.com 54.444ms asymm 12
14: 2001:978:2:24::5:2 55.098ms asymm 13
15: ge-1-0-7-2013.h6edccrt.hex67.lon.edge.ccanet.co.uk 56.704ms
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
31: no reply
Too many hops: pmtu 1280
Resume: pmtu 1280
and
traceroute to crt.comodoca.com (2a02:1788:2fd::b2ff:5302), 30 hops max, 80 byte packets
1 gw-2005.mbx-01.si.sixxs.net (2001:15c0:65ff:7d4::1) 16.130 ms 16.030 ms 15.979 ms
2 simbx01.sixxs.net (2001:15c0:ffff:7::2) 15.894 ms 16.958 ms 16.909 ms
3 mx-mb1-te-1-2-0-v4.amis.net (2001:15c0:ffff:7::1) 16.847 ms 17.201 ms 17.228 ms
4 mx-mb1-te-1-3-1.amis.net (2001:15c0:ffff:d::c) 17.265 ms 17.496 ms 17.409 ms
5 mx-lj1-te-2-3-1-0.amis.net (2001:15c0:ffff:d::37) 19.066 ms 19.016 ms 19.483 ms
6 2001:978:2:7e::1:1 (2001:978:2:7e::1:1) 20.246 ms 18.173 ms 18.183 ms
7 te0-0-2-2.rcr11.lju01.atlas.cogentco.com (2001:550:0:1000::9a19:355) 20.024 ms te0-0-2-2.rcr12.lju01.atlas.cogentco.com (2001:550:0:1000::9a19:359) 20.207 ms te0-0-2-2.rcr11.lju01.atlas.cogentco.com (2001:550:0:1000::9a19:355) 19.557 ms
8 * te0-1-0-0.ccr21.vie01.atlas.cogentco.com (2001:550:0:1000::8275:169) 25.436 ms *
9 be2200.ccr21.muc03.atlas.cogentco.com (2001:550:0:1000::8275:3101) 31.757 ms be2223.ccr22.muc03.atlas.cogentco.com (2001:550:0:1000::8275:3189) 31.491 ms be2200.ccr21.muc03.atlas.cogentco.com (2001:550:0:1000::8275:3101) 31.304 ms
10 be2228.ccr41.fra03.atlas.cogentco.com (2001:550:0:1000::9a36:2631) 36.567 ms 36.528 ms be2229.ccr42.fra03.atlas.cogentco.com (2001:550:0:1000::9a36:2639) 37.357 ms
11 be2262.ccr42.ams03.atlas.cogentco.com (2001:550:0:1000::9a36:2521) 43.174 ms be2261.ccr41.ams03.atlas.cogentco.com (2001:550:0:1000::9a36:251d) 42.350 ms 44.430 ms
12 be2182.ccr21.lpl01.atlas.cogentco.com (2001:550:0:1000::9a36:4df6) 54.897 ms 52.693 ms be2183.ccr22.lpl01.atlas.cogentco.com (2001:550:0:1000::9a36:3a45) 56.672 ms
13 be2190.ccr21.man01.atlas.cogentco.com (2001:550:0:1000::8275:166) 58.589 ms 53.638 ms 54.704 ms
14 2001:978:2:24::5:2 (2001:978:2:24::5:2) 54.278 ms 2001:978:2:24::6:2 (2001:978:2:24::6:2) 56.020 ms 2001:978:2:24::5:2 (2001:978:2:24::5:2) 54.587 ms
15 ge-1-0-4.dwdcccrt2.dela.clif.dc.ccanet.co.uk (2a02:1788:ff:51e4::b2ff:51e4) 126.240 ms 126.117 ms ge-1-0-4.dwdcccrt1.dela.clif.dc.ccanet.co.uk (2a02:1788:ff:51e6::b2ff:51e6) 122.764 ms
16 ge-1-0-6.t8edccrt.telx.8th.edge.ccanet.co.uk (2a02:1788:ff:51dc::b2ff:51dc) 129.313 ms crl.comodoca.com (2a02:1788:2fd::b2ff:5302) 54.492 ms ge-1-0-6.t8edccrt.telx.8th.edge.ccanet.co.uk (2a02:1788:ff:51dc::b2ff:51dc) 124.274 ms
running tracepath6 / traceroute6 on the other Linux VMs results in this:
1?: [LOCALHOST] pmtu 1500
1: lxgatevm.local 0.223ms
1: lxgatevm.local 0.095ms
2: lxgatevm.local 0.102ms pmtu 1280
2: gw-2005.mbx-01.si.sixxs.net 15.562ms
2: gw-2005.mbx-01.si.sixxs.net 16.553ms
3: simbx01.sixxs.net 16.017ms asymm 2
4: mx-mb1-te-1-2-0-v4.amis.net 16.766ms asymm 3
5: mx-mb1-te-1-3-1.amis.net 15.967ms asymm 4
6: mx-lj1-te-1-2-1.amis.net 17.809ms asymm 5
7: 2001:978:2:7e::1:1 19.086ms asymm 6
8: te0-0-2-2.rcr12.lju01.atlas.cogentco.com 20.180ms asymm 7
9: te0-1-0-0.ccr21.vie01.atlas.cogentco.com 26.100ms asymm 8
10: be2200.ccr21.muc03.atlas.cogentco.com 31.934ms asymm 9
11: be2228.ccr41.fra03.atlas.cogentco.com 38.272ms asymm 10
12: be2261.ccr41.ams03.atlas.cogentco.com 44.148ms asymm 11
13: be2182.ccr21.lpl01.atlas.cogentco.com 54.565ms asymm 12
14: be2190.ccr21.man01.atlas.cogentco.com 54.929ms asymm 13
15: 2001:978:2:24::5:2 55.098ms asymm 14
16: ge-1-0-7-2013.h6edccrt.hex67.lon.edge.ccanet.co.uk 55.966ms
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
31: no reply
Too many hops: pmtu 1280
Resume: pmtu 1280
and
traceroute to crt.comodoca.com (2a02:1788:2fd::b2ff:5302), 30 hops max, 80 byte packets
1 lxgatevm.local (2001:15c0:65ff:87d4::1) 0.237 ms 0.198 ms 0.218 ms
2 gw-2005.mbx-01.si.sixxs.net (2001:15c0:65ff:7d4::1) 21.555 ms 21.920 ms 21.886 ms
3 simbx01.sixxs.net (2001:15c0:ffff:7::2) 16.008 ms 21.327 ms 21.470 ms
4 mx-mb1-te-1-2-0-v4.amis.net (2001:15c0:ffff:7::1) 21.399 ms 21.348 ms 21.325 ms
5 mx-mb1-te-1-3-1.amis.net (2001:15c0:ffff:d::c) 21.331 ms 21.342 ms 21.433 ms
6 mx-lj1-te-2-3-1-0.amis.net (2001:15c0:ffff:d::37) 21.861 ms 21.696 ms 21.714 ms
7 2001:978:2:7e::1:1 (2001:978:2:7e::1:1) 23.340 ms 25.341 ms 19.562 ms
8 te0-0-2-2.rcr11.lju01.atlas.cogentco.com (2001:550:0:1000::9a19:355) 19.520 ms 18.810 ms 18.806 ms
9 * * *
10 be2223.ccr22.muc03.atlas.cogentco.com (2001:550:0:1000::8275:3189) 33.682 ms be2200.ccr21.muc03.atlas.cogentco.com (2001:550:0:1000::8275:3101) 31.531 ms *
11 be2229.ccr42.fra03.atlas.cogentco.com (2001:550:0:1000::9a36:2639) 40.435 ms 40.233 ms *
12 be2261.ccr41.ams03.atlas.cogentco.com (2001:550:0:1000::9a36:251d) 47.012 ms be2262.ccr42.ams03.atlas.cogentco.com (2001:550:0:1000::9a36:2521) 45.753 ms be2261.ccr41.ams03.atlas.cogentco.com (2001:550:0:1000::9a36:251d) 43.156 ms
13 be2182.ccr21.lpl01.atlas.cogentco.com (2001:550:0:1000::9a36:4df6) 52.490 ms be2183.ccr22.lpl01.atlas.cogentco.com (2001:550:0:1000::9a36:3a45) 52.471 ms 53.469 ms
14 * * be2190.ccr21.man01.atlas.cogentco.com (2001:550:0:1000::8275:166) 57.120 ms
15 2001:978:2:24::5:2 (2001:978:2:24::5:2) 54.114 ms 2001:978:2:24::6:2 (2001:978:2:24::6:2) 54.143 ms 53.523 ms
16 ge-1-0-7-2012.h6edccrt.hex67.lon.edge.ccanet.co.uk (2a02:1788:ff:51ae::b2ff:51ae) 55.177 ms ge-1-0-4.dwdcccrt1.dela.clif.dc.ccanet.co.uk (2a02:1788:ff:51e6::b2ff:51e6) 125.411 ms 124.808 ms
17 ge-1-0-6.t8edccrt.telx.8th.edge.ccanet.co.uk (2a02:1788:ff:51dc::b2ff:51dc) 123.434 ms 124.449 ms 123.454 ms
18 crl.comodoca.com (2a02:1788:2fd::b2ff:5302) 56.710 ms 122.697 ms 55.084 ms
on the Linux-VMs the wget command itself looks like this:
[root@localhost ~]# wget http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt --no-proxy
--2015-12-09 14:38:02-- http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt
Resolving crt.comodoca.com... 2a02:1788:2fd::b2ff:5302, 178.255.83.2
Connecting to crt.comodoca.com|2a02:1788:2fd::b2ff:5302|:80... connected.
HTTP request sent, awaiting response...
a wget somewhere else works fine on any of my Linux-VMs, e.g.
[root@localhost ~]# wget http://ipv6.google.com/ --no-proxy
--2015-12-09 14:39:21-- http://ipv6.google.com/
Resolving ipv6.google.com... 2a00:1450:4013:c01::71
Connecting to ipv6.google.com|2a00:1450:4013:c01::71|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: index.html
[ <=> ] 19,002 --.-K/s in 0.06s
2015-12-09 14:39:21 (317 KB/s) - index.html saved [19002]
is this caused on my side or on the side of COMODO?
Thanks,
Walter
problems with HTTPS-server, that use COMODO certificates
Jeroen Massar on Wednesday, 09 December 2015 13:53:57
Remote side is dropping ICMPv6, and thus you get yourself in a Path MTU Black hole.
Contact the remote site and try to explain to them that ICMPv6 is really a requirement for a properly functioning IPv6 stack.
Note that this has nothing to do with Comodo, this has everything to do with large packets not being properly chunked up in smaller bits that fit the pipe towards you.
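As an added example that is not part of this thread: a small Python script that reads tracepath6 output like the runs quoted above and checks whether the host's advertised TCP MSS exceeds what the tunnel path carries, which is the condition under which a remote that drops ICMPv6 Packet Too Big turns into a black hole. The sample traces and the function names are my own, built from the hop lists above.

```python
# Added example (not from the thread): parse tracepath6 output like the runs
# quoted above and show why a 1500-MTU VM behind the 1280 tunnel hangs while
# the gateway works.  Samples are constructed from the thread's own hop lists.
import re

VM_TRACE = """\
1?: [LOCALHOST] pmtu 1500
 1:  lxgatevm.local 0.223ms
 2:  lxgatevm.local 0.102ms pmtu 1280
 2:  gw-2005.mbx-01.si.sixxs.net 15.562ms
16:  ge-1-0-7-2013.h6edccrt.hex67.lon.edge.ccanet.co.uk 55.966ms
17:  no reply
"""
GATE_TRACE = """\
1?: [LOCALHOST] pmtu 1280
 1:  gw-2005.mbx-01.si.sixxs.net 16.652ms
15:  ge-1-0-7-2013.h6edccrt.hex67.lon.edge.ccanet.co.uk 56.704ms
16:  no reply
"""
HOP_RE = re.compile(r"^\s*(\d+)\??:\s+(.*?)(?:\s+pmtu\s+(\d+))?\s*$")
IPV6_TCP_OVERHEAD = 40 + 20  # IPv6 header + TCP header, no options

def parse_tracepath(text):
    """Return (local_mtu, path_pmtu, [(hop, new_pmtu)...], silent_hops)."""
    local_mtu = pmtu = None
    shrank, silent = [], 0
    for m in filter(None, map(HOP_RE.match, text.splitlines())):
        hop, body, new = int(m.group(1)), m.group(2), m.group(3)
        if new is not None:            # "pmtu N" suffix: MTU learned here
            new = int(new)
            if local_mtu is None:      # the "[LOCALHOST] pmtu N" line
                local_mtu = new
            elif new < pmtu:
                shrank.append((hop, new))
            pmtu = new
        silent += body.startswith("no reply")
    return local_mtu, pmtu, shrank, silent

def diagnose(text):
    """Compare the MSS this host advertises with what the path can carry."""
    local_mtu, pmtu, shrank, silent = parse_tracepath(text)
    advertised = local_mtu - IPV6_TCP_OVERHEAD  # MSS we put in our SYN
    safe = pmtu - IPV6_TCP_OVERHEAD             # largest segment that fits
    # When advertised > safe the remote sends full-size segments and only
    # shrinks them if it receives ICMPv6 Packet Too Big; a remote that drops
    # ICMPv6 never learns, and the transfer hangs after the handshake, exactly
    # the "awaiting response..." symptom in the wget run above.
    return {"advertised_mss": advertised, "safe_mss": safe,
            "needs_icmpv6_from_remote": advertised > safe,
            "pmtu_shrank_at": shrank, "silent_hops": silent}
```

Until the remote side fixes its ICMPv6 filtering, the usual local workaround is to clamp the MSS of SYNs forwarded by the gateway to the tunnel's 1220 (for example ip6tables' TCPMSS target with --clamp-mss-to-pmtu), so the VMs never advertise more than the path carries.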