- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- SSL issue "name mismatch"
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SSL issue "name mismatch"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2010 2:05 PM
Hi,
We are using PI 7.1 system and are sending messages to supplier using HTTPS.
We have imported the server and CA certicate of the supplier in the ticketkeystore of the PI server. Also the certificate of PI server have been imported in the supplier's server. The transfer of messages from PI to supplier was working with no problem.
But since few days we are getting error while sending message from PI to supplier using HTTPS. The error is,
name mismatch: bprod.abc.com != btest.abc.com
Message: Entering method with (bprod.abc.com, b2btest.abc.com)
Category: com.sap.security.core.server.https.DefaultHostnameVerifier
Location: com.sap.security.core.server.https.DefaultHostnameVerifier.verify( String urlHostname, String certHostname )
Here, bprod is the production server of supplier and btest is test server if the supplier. Initially we had certificates for both the supplier systems bprod and btest installed in PI server. I then deleted both the certificates and installed only for btest server. The certificate of btest server has correct hostname i.e. btest.abc.com.
The messages can be sent to btest server without any probem using HTTP. But for HTTPS we get anme mismatch error.
Please suggest. Can someone also let me the table name where these certificates (imported in ticketkeystore) are stored?
Regards,
Chintan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2010 10:10 PM
Are you using STRUST, or commandline tools, or NWA?
From the client side (huh?) which hostname are they using and what is in between?
If you display an understanding of what you have done and tell us how the client's are logging on, then we might be able to help you.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2010 6:02 AM
Thanks Julius for the reply.
The certificates of the supplier has been installed in PI server through NWA. The supplier's hostname is btest.abc.com which is correctly given in the certificate. The supplier is using RosettaNet adapter. We are sending messages from PI to supplier (RosettaNet adapter).
Error Logs:
name mismatch: bprod.abc.com != btest.abc.com
Message: Entering method with (bprod.abc.com, btest.abc.com)
Category: com.sap.security.core.server.https.DefaultHostnameVerifier
Location: com.sap.security.core.server.https.DefaultHostnameVerifier.verify( String urlHostname, String certHostname )
Let me know incase yo need more information.
Regards,
Chintan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2010 7:41 AM
Hi,
are you sure that you are sending a message to btest.abc.com? You can see from method signature that urlHostname = bprod.abc.com and certHostname = btest.abc.com. It looks like PI is using correct certificate but it's connecting to different server. As you probably know, the hostnames have to match. It looks to me that the problem is not in SSL certificate but somewhere else. For example you can ping both hostnames from your PI system to see if they are pointing to same IP or not.
Good luck
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2010 3:37 PM
Hi Martin,
Thanks but sorry for the late reply.
The IP of both the servers bprod and btest is same (just different port numbers). In hosts file, the IP was pointed to hostname bprod, thus giving name mismatch error. I changed it to btest server.
Now when posting message from PI to supplier by giving its IP in URL, the HTTPS works fine. But when we give hostname of supplier in URL, it goes in below error.
Transmitting the message to endpoint https://btest.abc.com.:<port>/invoke/wm.ip.rn/receive using connection RNIFAdapter failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error transmitting the message over HTTP. Reason: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: Peer sent alert: Alert Fatal: handshake failure.
If we give IP of btest server in that URL, it works fine with HTTPS.
The hostname is added in the hosts file against that IP address and we are also able to ping this hostname from server.
Please suggest.
Regards,
Chintan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2010 5:25 AM
Hi,
can you post a trace for SSL connection? I don't know how to get it in PI but in Netweaver ABAP stack you can activate full trace in SMICM (very useful for debugging any issues with HTTP). The message posted in your last post is too generic. It could be expired certificate or anything else. It just says that SSL handshake failed. There is a limit that you can have only one SSL per IP and port. But it looks like this should be OK cause you mentioned that you are running two systems on same host but the systems have different IDs.
Cheers
- SAP Managed Tags:
- Security
