Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

"SSSLERR_SERVER_CERT_MISMATCH" Error

guilherme_deoliveira
Participant
‎09-15-2015 5:20 PM

It is not so rare to see customers facing the SSSLERR_SERVER_CERT_MISMATCH error in their Webdispatcher/ICM traces. Therefore, I'll clarify better regarding such error.

The SSSLERR_SERVER_CERT_MISMATCH error means that the server is using a certificate where the CN part does not matches the hostname of URL server that client is trying to access. For a correct setup, the certificate CN and the host being accessed must match.

Whenever increasing the ICM/Webdispatcher trace level to 2, we'll be able to see a more detailed information, such as:

[Thr XXXX]   MatchTargetName(<your FQDN>, CN=<your certificate CN>) MISmatch

Therefore, the solution is:

Either ensure that the server's FQDN is correctly set or create a SSL Certificate where the CN matches it.

An workaround when using a webdispatcher is to set the following parameter to ignore this mismatch:

wdisp/ssl_ignore_host_mismatch = 1

NOTE: The wdisp/ssl_ignore_host_mismatch = 1 will ignore the mismatch error, but it will not solve it. Therefore, the error message will still be visible in the traces, but the system will not stop the communication because of the error.

4 Comments
Labels in this area
Popular Blog Posts