/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
You observed discrepancies in the certificates obtained from the same SuccessFactors endpoint while calling it from different servers. While one server brings a certificate for *.sapsf.eu another brings for *.successfactors.eu
Environment
SAP SuccessFactors HCM Suite
Reproducing the Issue
To diagnose the issue, you can direct perform a command line query to retrieve the SSL certificates from api2.successfactors.eu on both servers using the following OpenSSL command: openssl s_client -host api2.successfactors.eu -port 443 -showcerts -prexit
Cause
For a few GCP DC's we have common public IP for many end points, as you can see on KBA 2215682 - SuccessFactors API URLs and external IPs.
Resolution
- As per Operations Team, for a few GCP DC's we have common public IP for many end points. To resolve the reported issue with certificates, use SNI.
- Without SNI, the server would not know which certificate to present, potentially resulting in a certificate mismatch error if multiple domains share the same IP address.
- SNI is widely supported by modern browsers and servers, but usually older clients or systems which don't support SNI may encounter compatibility issues.
See Also
Keywords
API call, SuccessFactors, SSL verification error, SNI, certificate mismatch, common public IP, OData API Framework, incorrect certificate, different certificate , KBA , LOD-SF-INT-API , API & Adhoc API Framework , Bug Filed
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)