On the heels of my hybrid report just moments ago, I figured to test Mutual RSA (using certs outside the "certificates" directory) and all works well right up to the same point that the hybrid and then also lacks the sa info from phase 2.