Symptom
There are outgoing HTTPS connection from the local ABAP system (let it be via SM59 destinations or the application itself) where it fails with a SSSLERR_SERVER_CERT_MISMATCH error as below in the ICM trace file:
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
- [Thr 140484128118528] Target Hostname="<target HTTPS server FQDN>"
[Thr 140484128118528] SSL NI-hdl 2662: local=<local ICM IP address>:<port> peer=<target HTTPS server IP address>:<target HTTPS server HTTPS port>
[Thr 140484128118528] <<- ERROR: SapSSLSessionStartNB(sssl_hdl=7fc4e0001870)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 140484128118528] *** ERROR => SSL handshake with <target HTTPS server FQDN>:<target HTTPS server HTTPS port> failed: SSSLERR_SERVER_CERT_MISMATCH (-30)
[Thr 140484128118528] Server certificate does not match supplied TargetHostname (rfc2818 section 3.1)
[Thr 140484128118528]
[Thr 140484128118528] SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_MISMATCH
[Thr 140484128118528] TargetHostname = "<target HTTPS server FQDN>"
[Thr 140484128118528] ServerCert.subject = <CN=<mismatched hostname with the target HTTPS server FQDN>, (...)>
SNI is already configured per SAP Note 2124480.
Read more...
Environment
SAP Kernel 721 or higher.
Product
Keywords
icm, ssl, handshake, x.509, x509, certificate, authentication, https, http, destination, external server, sni, server name indication, network, dns, mismatch, correct certificate, import, export , KBA , BC-CST-IC , Internet Communication Manager , BC-SEC-SSL , Secure Sockets Layer Protocol , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.