Hi,
I'm facing errors in establishing https connection to external server.
The error in the SMICM log are:
[Thr 7912] SecudeSSL_SessionStart(): created new SSL session (TLSv1.0)
[Thr 7912] Server Certificate available (FCPath-Len= 3)
[Thr 7912] No certificate request received from Server
[Thr 7912] secudessl_AddSSL2Cache(): Creating new SSSL_CACHE entry
[Thr 7912] HexDump of native SSL session ID { &buf= 000000001B62FDF4, buf_len= 32 }
[Thr 7912] 00000: 4e 76 fc c8 0b b8 60 35 44 bc 8c 4b 39 53 e7 61 Nv....`5 D..K9S.a
[Thr 7912] 00010: be ad bb 75 bd ab 7d e6 3a 53 74 9b 9f e4 98 ac ...u..}. :St.....
[Thr 7912] Base64-Dump of peer certificate (len=1194 bytes) [Thr 7912]
[Thr 7912] BEGIN CERTIFICATE
[Thr 7912] MIIEpjCCA46gAwIBAgIQYPe6Fb5vcksjKcplcHVBpzANBgkqhkiG9w0BAQUFADA2
certificate
[Thr 7912] U4gH4jr93fkal7pVCl3iVK2lIwglA1kgsoVcVogF6hFH5cjfP6FDFA
[Thr 7912] END CERTIFICATE
[Thr 7912] Subject DN: CN=serverABC.zzz.nl, OU=, O=, C=NL
[Thr 7912] Issuer DN: CN=TERENA SSL CA, O=TERENA, C=NL
[Thr 7912] Current Cipher: TLS_RSA_WITH_AES128_CBC_SHA
[Thr 7912] MatchTargetName("server123.yyy.nl", dNSName="serverABC.zzz.nl") MISmatch
[Thr 7912] MatchTargetName("server123.yyy.nl", CN="serverABC.zzz.nl") MISmatch
[Thr 7912] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000001B72AF10)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 7912] status = "new SSL session"
[Thr 7912] Server DN = "CN=serverABC.zzz.nl, OU=, O=, C=NL"
[Thr 7912] ->> SapSSLErrorName(rc=-30)
[Thr 7912] <<- SapSSLErrorName()==SSSLERR_SERVER_CERT_MISMATCH
[Thr 7912] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 1
server123.yyy.nl is the servername that i put in the RFC connection in SM59,
serverABC.zzz.nl is the PI system, in this case it is the client from where we want to establish communication.
From the server guys i got a certificate which is issued for the server123. I installed this in the PSE via STRUST.
But if i open the certificate which is in the logging i see it is issued for serverABC.
So it looks as if PI makes contact with server123 and gets back a certifcate for serverABC(=PI)
PI matches the certicate it receives to the one stored in the PSE and they are not the same.
So i get the MISMatch error.
Is my analysis correct?
kr
Robert
(or should i better post this question in NW-general or NW-security forum?)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.