3043149 - SAP Cloud Connector LDAPS connection check fails - No subject alternative names matching

Symptom

In SAP Cloud Connector the on-premise LDAP server connection check fails with LDAPS protocol.

scc.check.ldaps.png

The ljs_trace/scc_core.trc contains such exception:

#INFO#com.sap.scc.rt#Thread-105# #Connectivity check failed for ldap://10.10.10.10:636
javax.naming.CommunicationException: anonymous bind failed: 10.10.10.10:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.10.10.10 found]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
...

Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.10.10.10 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)

PS: Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP Cloud Connector release independent
On-premise LDAP server

Product

SAP Connectivity service 2.0 ; cloud connector 1.0 for SAP HANA Cloud Platform

Keywords

LDAPS, CertificateException, No subject alternative names matching, SAN, SAP Cloud Connector, SCC, CC, Connector , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.