SAP Knowledge Base Article - Preview

3277865 - Connection to Kubernetes provides invalid SSL certificate (CN=Kubernetes Ingress Controller Fake Certificate)

Symptom

When performing an outbound HTTPS connection to a Kubernetes host, SSL errors can be seen in the dev_icm traces:

[Thr 2564]  Certificate verification result:
[Thr 2564]   Certificate:
[Thr 2564]    Subject:                              CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
[Thr 2564]   Verification result:
[Thr 2564]    Status:                              Not successful
[Thr 2564]    DirectlyTrusted:                     Not successful
[Thr 2564] CCL[SSL]: Cli-000005F5: ########## TLSERROR: Certificate verification failed [0xA0600203: Peer not trusted]
[Thr 2564]
[Thr 2564] CCL[SSL]: Cli-000005F5: ########## TLSERROR: SSL3 client handshake failed [0xA0600203: Peer not trusted]

Such certificate is not the one expected to be provided by the connection endpoint.


Read more...

Environment

Netweaver AS ABAP
S/4HANA

Product

SAP NetWeaver Application Server for ABAP all versions ; SAP S/4HANA Cloud Public Edition all versions ; SAP S/4HANA all versions

Keywords

sni, server name indication, sslabs, kubernetes fake certificate, kubernetes, CN=Kubernetes Ingress Controller Fake Certificate , KBA , BC-SEC-SSL , Secure Sockets Layer Protocol , BC-CST-IC , Internet Communication Manager , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.