Symptom
You followed SAP note 2300943 to enable SSL encrypted connections from SAP HANA Cockpit to the underlying SAP HANA database, where HANA Cockpit is running on (e.g SYSTEMDB or COCKPITDB).
When open HANA Cockpit, it shows blank page.
If set parameter global.ini [communication] sslenforce = false, HANA Cockpit can be opened successfully.
In sap-portal-persistency log, same or similar error messages as below, are observed.
-------------------------------
Connection failed (RTE:[300015] SSL certificate validation failed: host name '<hostname>' does not match names in certificate: '<hostname>.<domain1.com>, <hostname>.<domain2.com>' (<hostname>:39613))#
-------------------------------
sap-portal-persistency log can be collected via command: xs logs sap-portal-persistency --last 1000 > /tmp/sap-portal-persistency.log
Checked env variables via command: xs env cockpit-persistence-svc, the hostname (see below) neither match CN nor included in "Subject Alternative Names" of the DB certificate.
-------------------------------
...
"hana" : [ {
"name" : "cockpit-datasource",
"label" : "hana",
"tags" : [ "hana", "database", "relational" ],
"plan" : "securestore",
"credentials" : {
"schema" : "...",
"tenant_name" : "COCKPITDB",
"db_hosts" : [ {
"port" : 30041,
"host" : "<hostname>"
} ],
"certificate" : "-----BEGIN CERTIFICATE-----\n...=\n-----END CERTIFICATE-----\n",
"url" : "jdbc:sap://<hostname>:30041/?encrypt=true&validateCertificate=true&hostNameInCertificate=<hostname>.<domain>¤tschema=USR_....",
"hostname_in_certificate" : "<hostname>.<domain1.com>",
"password" : "...",
"driver" : "com.sap.db.jdbc.Driver",
"port" : "30041",
"encrypt" : true,
"validate_certificate" : true,
"host" : "<hostname>",
"user" : "..."
}
} ]
...
-------------------------------
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Read more...
Environment
- SAP HANA, platform edition 2.0
- SAP HANA Cockpit 2.0
Product
Keywords
HANA Cockpit, blank page, empty page, Connection failed, SSL certificate validation failed: host name, does not match names in certificate, SSL, sslenforce, sslvalidatecertificate , KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.