
SSSLERR_SERVER_CERT_MISMATCH

former_member787462
Participant
0 Kudos


Dear Team,

We are facing the below issue after enabling the imported SSL server & SSL client certificates.

[Thr 3180]   SSL NI-sock: local=127.0.0.1:4144  peer=127.0.0.1:50101

[Thr 3180] <<- ERROR: SapSSLSessionStart(sssl_hdl=00000000011FECB0)==SSSLERR_SERVER_CERT_MISMATCH

[Thr 3180] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxpool.c   2097]

[Thr 3180] *** ERROR => Cannot reach external Application  Server on localhost:50101 {00030597} [http_j2ee.c 820]

regards,

Manoj K

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

You try to set up a secure connection for a server in the form "https://<server name>:<port>". However, the certificate that is returned by the server is issued for a different server name and is therefore rejected. In particular, this happens if you use the IP address of the server instead of the server name in the URL.

You must be able to access the server under the address for which the certificate was issued. For example, if the server certificate was issued to the name "CN=www.sap.com, C=DE", then you must be able to access the server using the URL "https://www.sap.com".

For more info, please read:

1318906 - Trace analysis of SSL problems

So please check the name for which you requested the certs.

Thanks

Rishi Abrol
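The name check described in the answer above, as an added example that is not part of the original post and not SAP's own code: a generic RFC 6125-style comparison of the host name used in the URL against the names in the server certificate. The certificate dicts are constructed samples in the shape returned by Python's ssl.getpeercert(), the name ads.example.internal is hypothetical, and the SAP SSL library's exact matching rules are assumed to be similar, not confirmed.

```python
import ipaddress

def cert_names(cert):
    """Return (dns_names, ip_addrs) from a dict shaped like ssl.getpeercert()."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    if not dns and not ips:
        # Fall back to the subject CN only when the certificate has no SAN
        for rdn in cert.get("subject", ()):
            dns += [v.lower() for k, v in rdn if k == "commonName"]
    return dns, ips

def _dns_match(pattern, host):
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    # A wildcard is accepted only as the whole leftmost label
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def host_matches_cert(host, cert):
    dns, ips = cert_names(cert)
    try:
        # An IP address in the URL must match an IP SAN, never a DNS name
        return ipaddress.ip_address(host) in ips
    except ValueError:
        pass
    host = host.lower().rstrip(".")
    return any(_dns_match(n, host) for n in dns)

def diagnose(host, cert):
    dns, ips = cert_names(cert)
    if host_matches_cert(host, cert):
        return "OK"
    return "MISMATCH: %r not in %s" % (host, dns + [str(i) for i in ips])

# Constructed sample certificates (not taken from the thread)
CERT_CN_ONLY = {"subject": ((("commonName", "www.sap.com"),),
                            (("countryName", "DE"),))}
CERT_WITH_SAN = {"subject": ((("commonName", "ads.example.internal"),),),
                 "subjectAltName": (("DNS", "*.example.internal"),
                                    ("IP Address", "127.0.0.1"))}

if __name__ == "__main__":
    for h in ("www.sap.com", "localhost", "127.0.0.1"):
        print(h, "->", diagnose(h, CERT_CN_ONLY))
```

Connecting to "localhost" or to the IP address fails against the CN-only certificate, which is the situation the trace in the question shows for localhost:50101.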

former_member787462
Participant
0 Kudos

Dear Both,

Let me explain the reason why I got the "SSSLERR_SERVER_CERT_MISMATCH" error in the SMICM trace.

Reason :

  • In SM59 for the ADS connection RFC, we have used the SSL Client standard certificate, hence we have to import the same SSL client standard certificate (the SSL client certificate has to be exported from ABAP using STRUST) into TrustedCA's and then we have to add the same in the "SSL provider" -> Runtime -> Active Sockets (click on the HTTPS port, in our case it's 5$$01) -> Client Authentication -> click on Request Client Certificate and add the SSL Client standard certificate.
  • And also make sure that under Server Identity the right certificate is used (ssl-credentials).

=> And also import ssl-credentials-cert from Visual Admin into the SSL server standard in STRUST.

The above steps were not performed in my system, which is why I was getting the above error.

I have followed the above steps and now I don't see that error. Issue got fixed.

PS: If you don't see the HTTPs port (5$$01) under Active sockets, please follow below SAP notes.

1705065 - Active Socket Ports not visible on Visual Administrator after a restart

1892723 - Active Sockets of SSL Provider service shows blank/disappear after system restart

Thank you for the support.

Best Regards,

Manoj K

Answers (1)


Former Member
0 Kudos

Hi Manoj,

1. I assume that this is with the portal?

2. Which version of NetWeaver are you running?

3. What is the server name in the certificate? It looks like 'localhost' above, and that's not a good idea.

4. Has the certificate request been raised and sent?

5. If so, has it been returned?

Can you give us some more info so that we can assist?

Regards,

Graham