cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL Connection Error.

Former Member

on ‎10-27-2014 2:51 PM

0 Kudos

Hi Experts,

I have followed the below url for configuring the SSL for HANA but getting the below error.

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70d2b2b7-3574-3010-dcac-be68463c6...

but while Connecting from hana studio with validate SSL certificate getting the below error and without validate the SSL certificate not getting the error and able to connect.

com.sap.ndb.studio.jdbc.JDBCConnectionStatus: Name in the server certificate is not the name expected by JDBC

Check client configuration:

1. Check that the host name used to connect is correct (not localhost, or 127.0.0.1)

2.Check the value used for the hostNameInCertificat property

Check server configuration:

1. Check that you are using the right SSL server certificate

For more details, see the error log

  at com.sap.ndb.studio.jdbc.JDBCPlugin.createConnection(JDBCPlugin.java:284)

  at com.sap.ndb.studio.navigator.wizards.newsapsystem.NewSAPSystemWizard$1$1.call(NewSAPSystemWizard.java:229)

  at com.sap.ndb.studio.navigator.wizards.newsapsystem.NewSAPSystemWizard$1$1.call(NewSAPSystemWizard.java:1)

  at java.util.concurrent.FutureTask.run(FutureTask.java:262)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

  at java.lang.Thread.run(Thread.java:744)

Caused by: com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: Cannot connect to jdbc:sap://xx.xx.xxx.xx:30015 [Cannot connect to host xx.xx.xxx.xx [SAP DBTech JDBC: Host name verification failed, found 1.2.840.113549.1.9.1=#161772616a6573687440696e666f726d61746963612e636f6d,CN=hanaxxxxxxx.com,OU=IT,O=INFA,L=Bangalore,ST=Karnataka,C=IN, expected CN=xx.xx.xxx.xx.], -813.].

  at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.createException(SQLExceptionSapDB.java:219)

  at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.createException(SQLExceptionSapDB.java:203)

  at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.generateDatabaseException(SQLExceptionSapDB.java:186)

  at com.sap.db.jdbc.Driver.connect(Driver.java:238)

  at com.sap.ndb.studio.jdbc.JDBCConnection$1.run(JDBCConnection.java:153)

Caused by: com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: Host name verification failed, found 1.2.840.113549.1.9.1=#161772616a6573687440696e666f726d61746963612e636f6d,CN=hanaxxxxxxx.com,OU=IT,O=INFA,L=Bangalore,ST=Karnataka,C=IN, expected CN=xx.xx.xxx.xx.

  at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.createException(SQLExceptionSapDB.java:334)

  at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.generateSQLException(SQLExceptionSapDB.java:146)

  at com.sap.db.rte.comm.SecureCommunication.openSocketIntern(SecureCommunication.java:609)

  at com.sap.db.rte.comm.SecureCommunication.openSocket(SecureCommunication.java:512)

  at com.sap.db.rte.comm.SecureCommunication.<init>(SecureCommunication.java:99)

  at com.sap.db.rte.comm.SecureCommunication.<init>(SecureCommunication.java:55)

  at com.sap.db.rte.comm.SecureCommunication$1.open(SecureCommunication.java:60)

  at com.sap.db.jdbc.topology.Topology.getSession(Topology.java:145)

  at com.sap.db.jdbc.Driver.openByURL(Driver.java:1019)

  at com.sap.db.jdbc.Driver.connect(Driver.java:230)

  ... 1 more

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

kekkou
Member
‎06-30-2022 3:30 PM
0 Kudos

SAP JDBC (ngdbc.jar) doesn't support for TLS/SSL connections via an IP address. That is to say, when JDBC validates the SSL certificate, only the host name in the subject alternative names (aka, SAN) will be used to verify during certificate validation, even if IP in the SAN list is valid (Is it possible to have SSL certificate for IP address, not domain name? [closed])


On the other hand, see also Hey, SAP HANA, express edition! What’s your SQL port number?.

If you are developing in a multiple-database environment, then you can enable client connections to a specific database by using the database name; for example, TDB1.

In a multiple-database system, the individual database instances are isolated. SYSTEMDB stores information about the host name and port number for other databases.

The client connection uses the DATABASENAME parameter to specify the database instance to connect to.

After receiving the response message from SYSTEMDB, the client disconnects from SYSTEMDB and reconnects to the database specified by DATABASENAME.

For connection to a tenant database,

On the first connection, the response may contain an IP as host in the CLIENTINFO part even if you use the host to connect to the SAP HANA database.

On the second connection, JDBC will use the returned host, which, in fact, is an IP address to connect the tenant database over TLS/SSL. As a result, it will fail to _validateHostName.


Forunately, we can Override Host Name in Certificate like in Hana Studio by the hostNameInCertificate ConnectionProperty

1. hostNameInCertificate=* to disable _validateHostName, validateCertificate

2. hostNameInCertificate=your.domain.com.from.your.certifcation

The host name will be used duration certificate validation. Use at your own risk.

Show replies
Show replies
Former Member
‎08-10-2016 6:34 AM
0 Kudos

Are you able to resolve this issue , I got the same issue.

Thank you

Mehar

Show replies
Show replies
Former Member
‎08-02-2016 12:20 PM
0 Kudos

Same to me.

Really appreciate if some one could resolve the issue!

Show replies
Show replies
Ask a Question