3474602 - SSSLERR_SERVER_CERT_MISMATCH in the ABAP Application Server instance


When connecting through HTTPS to an ABAP Application Server instance (acting as the server), a "Server certificate not valid for supplied TargetHostname" error might occur at the HTTPS client. The same error might occur when the ABAP Application Server instance connects to an external system (acting as the client).
This may happen even if the parameter icm/HTTPS/client_sni_enabled is activated.

For instance, if the HTTPS client is also an ABAP instance, the ICM traces display the following line at some point:

[Thr .. ]   Disabling automagic TLSextSNI--Caller-supplied SNI detected for '<remote hostname>'!

ICM traces at level 2 show the following when the error is reproduced:

[Thr .. ] <<- SapSSLSearchSniBlocklist()==SSSLRC_AUTOMAGIC_SNI_INACTIVE
[Thr .. ]      in: hostname = "<hostname of the server system>"
[Thr .. ] TLS SNI will not be activated for <hostname of the server system>, because SNI is disabled (icm/HTTPS/client_sni_enabled)!
[Thr .. ] IcmCheckSslClientHttp2Usable: Server <hostname of the server system> contained in SNI exclude list or is not usable for SNI. Do not use HTTP/2

[Thr .. ] *** ERROR => SSL handshake with <hostname of the server system> failed: SSSLERR_SERVER_CERT_MISMATCH (-30)
[Thr .. ]              Server certificate not valid for supplied TargetHostname (fatal rfc2818 section 3.1 mismatch)
[Thr .. ]
[Thr .. ]              SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_MISMATCH
[Thr .. ]                TLSextSNI srv_name = "<hostname of the server system>"   
[Thr .. ]                TargetHostname     = "<hostname of the server system>"
[Thr .. ]                ServerCert.subject = <CN=this will be different from the instance hostname>
[Thr .. ]                ServerCert.issuer  = <CN=xxxx>
[Thr .. ]                ServerCert.SANs    = xxxx
[Thr .. ]                SSL NI-hdl 98: unix domain socket="/tmp/.sapicm<server ABAP instance HTTPS port>"
[Thr .. ]               {0086091b} {root-id=B18C900126644BE1B343410872E11864} [icxxconn.c 3607]
[Thr .. ]              role: Client, protocol: H2, local: <client ABAP instance IP address>:<client ABAP instance random TCP port>, peer: <hostname of the server systems>:<server system HTTPS port>, id: 134/2331, SNI:
[Thr .. ] ->> SapSSLSessionDoneNB(&sssl_hdl=7efe6c09fbe8,flags=0x0000,timeout=10000,&IOstate=7efe777a287c)
[Thr .. ] CCL[SSL]: Cli-00000421: Sending alert of level WARNING: close notify [ssl3_send_alert]
[Thr .. ]   SSL:SiSend(sock=  49)== 0 (SI_OK)       (out=31 of 31)
[Thr .. ] CCL[SSL]: Cli-00000421: ########## SSL connection cleaned up and destroyed. ########## [SSL_free]          
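
The following triage script is an added example, not part of the SAP note or of any SAP tooling. It scans level 2 ICM trace text for the error block shown above, compares TargetHostname against the certificate names per RFC 2818 section 3.1, and reports whether automatic SNI was inactive for that host. The sample trace, its host names, and the "DNS:name, ..." format of the SANs value are assumptions constructed for illustration.

```python
import re

# Constructed sample of level 2 ICM trace lines; host names and the SANs
# value format ("DNS:name, ...") are assumptions, not taken from the SAP note.
SAMPLE_TRACE = """\
[Thr 1234] <<- SapSSLSearchSniBlocklist()==SSSLRC_AUTOMAGIC_SNI_INACTIVE
[Thr 1234]      in: hostname = "erp.example.com"
[Thr 1234] *** ERROR => SSL handshake with erp.example.com failed: SSSLERR_SERVER_CERT_MISMATCH (-30)
[Thr 1234]                TLSextSNI srv_name = "erp.example.com"
[Thr 1234]                TargetHostname     = "erp.example.com"
[Thr 1234]                ServerCert.subject = CN=lb01.example.net
[Thr 1234]                ServerCert.SANs    = DNS:lb01.example.net, DNS:*.lb.example.net
"""
FIELD = re.compile(r'^\[Thr[^\]]*\]\s+(TargetHostname|ServerCert\.subject|ServerCert\.SANs)\s*=\s*(.*?)\s*$')
HOST_IN = re.compile(r'in: hostname = "([^"]*)"')

def name_matches(host, pattern):
    """RFC 2818 section 3.1 comparison; only a whole-label '*' on the left is supported."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def triage(trace):
    """Return one finding per SSSLERR_SERVER_CERT_MISMATCH error block."""
    findings, sni_off, cur, sni_next = [], set(), None, False
    for line in trace.splitlines():
        m = HOST_IN.search(line)
        if sni_next and m:  # host named right after the blocklist result
            sni_off.add(m.group(1).lower())
        sni_next = "SSSLRC_AUTOMAGIC_SNI_INACTIVE" in line
        if "*** ERROR" in line and "SSSLERR_SERVER_CERT_MISMATCH" in line:
            cur = {}
            findings.append(cur)
        elif cur is not None and (f := FIELD.match(line)):
            cur[f.group(1)] = f.group(2).strip('"')
    for f in findings:
        target = f.get("TargetHostname", "")
        sans = [s.strip()[4:] for s in f.get("ServerCert.SANs", "").split(",")
                if s.strip().upper().startswith("DNS:")]
        cn = re.search(r"CN=([^,]+)", f.get("ServerCert.subject", ""))
        # RFC 2818: dNSName SANs take precedence; CN is used only without them.
        f["checked_names"] = sans or ([cn.group(1).strip()] if cn else [])
        f["name_ok"] = any(name_matches(target, n) for n in f["checked_names"])
        f["sni_inactive"] = target.lower() in sni_off
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

A finding with name_ok False and sni_inactive True corresponds to the situation in the trace above: the presented certificate does not cover the requested host name, and SNI was not sent automatically for that host.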



ABAP Platform
SAP NetWeaver


ABAP platform all versions ; SAP NetWeaver all versions


tls, kernel, strust, SSSLERR_SERVER_CERT_MISMATCH, not valid, MISmatch , KBA , BC-CST-IC , Internet Communication Manager , BC-ESI-WS-ABA , Web Service and SOAP - ABAP , BC-SEC-SSF , Secure Store and Forward , BC-MID-ICF , Internet Communication Framework , BC-SEC-SSL , Secure Sockets Layer Protocol , Known Error

