
SSSLERR_SERVER_CERT_MISMATCH when configuring end to end SSL

Former Member
0 Kudos

We are configuring the scenario of end-to-end SSL on the web dispatcher to a central instance NW2004S system (XI). We have followed the installation guides for the web dispatcher and the procedures for enabling SSL on the ABAP and JAVA stacks. The document "Configuring SSL on the Web Dispatcher" states that you need to request a certificate for the JAVA stack in the name of the web dispatcher so you do not get the "invalid certificate or does not match the name of the site". This piece works fine.

Configuring the ABAP stack is different. If we configure the ABAP stack in the conventional way (CN=hostname, OU=x, O=x, U=US), then we have no problems hitting the servers directly to test SSL, but when we try to do a redirect to the Web AS ABAP stack functionality (like Webgui), I get the above certificate error. Basically, anything with the url ending in /sap/bc, /sap, etc, routed to the ABAP stack.

If we try to use the methodology specified for the JAVA stack, and request a certificate in the name of the web dispatcher, I get the following error:

[Thr 4] Mon Aug 13 21:24:14 2007
[Thr 4] MatchTargetName("FQDN-Central Instance", "CN=FQDN-Web Dispatcher Server, OU=XXX, O=XXX, C=US") FAILS
[Thr 4] SSL socket: local=0.0.0.0:0 peer=0.0.0.0:0
[Thr 4] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x100c16940)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 4] *** ERROR => MsHttpLBThread: SapSSLSessionStart (rc=-30) SSSLERR_SERVER_CERT_MISMATCH [msxxhttp_mt. 7265]

I see this in the ASCS dev_ms trace file for the ABAP stack. The SCS dev_ms file is fine.

If I change the requested host back to the name of the CI and get another certificate in the CI's name, there are no errors but I get the pop up warning about the certificates. I can't use the web dispatcher for what I want (XI load balancing).

I have searched SAP Notes and SDN and have not come up with any leads.

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

You have to use a "*.domain.com" request for a certificate.

0 Kudos

I solved this problem by setting the following profile parameter on my webdispatcher profile.

wdisp/ssl_ignore_host_mismatch = true

Doesn't fix the underlying problem but got me going until I can figure it out.
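
The name check behind the MatchTargetName trace line, as an added example that is not part of the original posts and is not SAP's implementation. It assumes CN-only matching with a single leftmost wildcard label, uses constructed host names, and models the ignore parameter as skipping the comparison entirely.

```python
# Added illustration of hostname-vs-certificate matching (simplified, CN only).
# Not SAP's MatchTargetName code; all host names below are constructed.

def cn_from_subject(subject: str) -> str:
    """Return the CN value from a subject such as 'CN=host, OU=x, O=x, C=US'."""
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    raise ValueError("subject has no CN component")

def name_matches(target: str, pattern: str) -> bool:
    """Case-insensitive compare; '*' may only stand for the whole leftmost label."""
    t = target.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(t) != len(p):
        return False            # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels after the wildcard (no '*.com')
        return len(p) >= 3 and bool(t[0]) and t[1:] == p[1:]
    return t == p

def match_target_name(target: str, subject: str, ignore_mismatch: bool = False) -> bool:
    """Compare the host being connected to with the CN of the certificate it presents."""
    if ignore_mismatch:
        return True             # assumption: comparison skipped, any name accepted
    return name_matches(target, cn_from_subject(subject))

CI = "ci01.domain.com"  # constructed FQDN of the central instance (the target)
WD_CERT = "CN=wdisp.domain.com, OU=XXX, O=XXX, C=US"   # cert named after web dispatcher
CI_CERT = "CN=ci01.domain.com, OU=XXX, O=XXX, C=US"    # cert named after the CI
WILDCARD = "CN=*.domain.com, OU=XXX, O=XXX, C=US"      # wildcard cert from the answer
OTHER = "CN=unrelated.example.net, OU=XXX, O=XXX, C=US"

def demo() -> dict:
    """Outcome of each certificate choice discussed in the thread."""
    return {
        "web dispatcher CN": match_target_name(CI, WD_CERT),
        "CI CN": match_target_name(CI, CI_CERT),
        "wildcard CN": match_target_name(CI, WILDCARD),
        "unrelated CN": match_target_name(CI, OTHER),
        "unrelated CN, mismatch ignored": match_target_name(CI, OTHER, True),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:32} -> {'match' if ok else 'MISMATCH'}")
```
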