04-29-2016 4:03 PM
Hello everybody,
We have two websites, e.g. www.a.com and www.b.com running on the same server (a single hostname and IP address for the two websites) .
We imported their SSL certificates into transaction STRUST without any problems.
(Certificates are OK and can be verified in web browser)
SSL configuration on R/3 is OK.
We created two RFC destinations in SM59 to test the connection from R/3 to websites.
Connection to www.a.com is ok, SMICM logs show an exact match between the requested websites address and it's certificate.
<<- SapSSLSetTargetHostname(sssl_hdl=00000000399975C0)==SAP_O_K
in: hostname = "a.com"
NiIBlockMode: set blockmode for hdl 550 TRUE
NiIBlockMode: set blockmode for hdl 550 FALSE
NiIBlockMode: set blockmode for hdl 550 TRUE
Subject Alt Names: dNSName=a.com, dNSName=www.a.com
MatchTargetName("a.com", dNSName="www.a.com") MISmatch
MatchTargetName("a.com", dNSName="a.com") == EXACT match
But connection to www.b.com fails with message "SSL handshake with b.com:443 failed:"
SMICM logs show a weird situation:
<<- SapSSLSetTargetHostname(sssl_hdl=0000000039997240)==SAP_O_K
in: hostname = "b.com"
NiIBlockMode: set blockmode for hdl 1334 TRUE
NiIBlockMode: set blockmode for hdl 1334 FALSE
NiIBlockMode: set blockmode for hdl 1334 TRUE
Subject Alt Names: dNSName=a.com, dNSName=www.a.com
MatchTargetName("b.com", dNSName="www.a.com") MISmatch
MatchTargetName("b.com", dNSName="a.com") MISmatch
MatchTargetName("b.com", "CN=www.a.com") MISmatch
<<- ERROR: SapSSLSessionStart(sssl_hdl=0000000039997240)==SSSLERR_SERVER_CERT_MISMATCH
Subject DN = "CN=www.a.com, O=.....
*** ERROR => SSL handshake with b.com:443 failed: SSSLERR_SERVER_CERT_MISMATCH (-30)
SAP is requesting a connection to b.com but the returned certificate is the one of website a.com.
How can this be possible? I am not sure if SAP's SLL lib is supporting such a scenario with two certificates on the same host (IP address)
Has anyone experienced the same situation before?
Any help will be much appreciated since we are stuck.
Best regards,
Ozcan.
Message was edited by: Ozcan Gurdal
05-02-2016 4:32 PM
Hello Ozcan,
See SAP note 1318906 (SSL problems) - Also check SAP Note 510007 for SSL configuration.
Thanks