Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Certificate Mismatch on 2 SSL Certificates on Same Hostname

former_member848108
Active Participant
0 Kudos

Hello everybody,

We have two websites, e.g. www.a.com and www.b.com running on the same server (a single hostname and IP  address for the two websites) .

We imported their SSL certificates into transaction STRUST without any problems.

(Certificates are OK and can be verified in web browser)

SSL configuration on R/3 is OK.

We created two  RFC destinations in SM59 to test the connection from R/3 to websites.

Connection to www.a.com is ok, SMICM logs show an exact match between the requested websites address and it's certificate.

<<- SapSSLSetTargetHostname(sssl_hdl=00000000399975C0)==SAP_O_K

     in: hostname = "a.com"

NiIBlockMode: set blockmode for hdl 550 TRUE

NiIBlockMode: set blockmode for hdl 550 FALSE

NiIBlockMode: set blockmode for hdl 550 TRUE

  Subject Alt Names: dNSName=a.com, dNSName=www.a.com

  MatchTargetName("a.com", dNSName="www.a.com") MISmatch

  MatchTargetName("a.com", dNSName="a.com") == EXACT match

But connection to www.b.com fails with message "SSL handshake with b.com:443 failed:"

SMICM logs show a weird situation:

<<- SapSSLSetTargetHostname(sssl_hdl=0000000039997240)==SAP_O_K

     in: hostname = "b.com"

NiIBlockMode: set blockmode for hdl 1334 TRUE

NiIBlockMode: set blockmode for hdl 1334 FALSE

NiIBlockMode: set blockmode for hdl 1334 TRUE

  Subject Alt Names: dNSName=a.com, dNSName=www.a.com

  MatchTargetName("b.com", dNSName="www.a.com") MISmatch

  MatchTargetName("b.com", dNSName="a.com") MISmatch

  MatchTargetName("b.com", "CN=www.a.com") MISmatch

<<- ERROR: SapSSLSessionStart(sssl_hdl=0000000039997240)==SSSLERR_SERVER_CERT_MISMATCH

  Subject DN = "CN=www.a.com, O=.....

*** ERROR => SSL handshake with b.com:443 failed: SSSLERR_SERVER_CERT_MISMATCH (-30)

SAP is requesting a connection to b.com but the returned certificate is the one of website a.com.

How can this be possible? I am not sure if SAP's SLL lib is supporting such a scenario with two certificates on the same host (IP address)

Has anyone experienced the same situation before?

Any help will be much appreciated since we are stuck.

Best regards,

Ozcan.

Message was edited by: Ozcan Gurdal

1 REPLY 1

Former Member
0 Kudos

Hello Ozcan,

See SAP note 1318906 (SSL problems) -  Also check SAP Note 510007 for SSL configuration.

Thanks