cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Backend ECC connection to CPI

Go to solution
former_member1002059
Explorer

on ‎04-07-2020 6:45 PM

I am getting error 'SSSLERR_SERVER_CERT_MISMATCH (-30)#Server certificate does not match supplied TargetHostname##SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_MISMATCH# TargetHostname' while testing trial-CPI service from ECC. I have created http connection in SM59 and added the required certificate in STRUST. Earlier there was another issue that I was getting Certificate Missmatch error and I checked the ICM log and found that server was expecting certificate with CN as 'CN=*.cf.eu10.hana.ondemand.com, O=SAP SE, L=Walldorf, C=DE'. Then I got this certificate from 'login.cf.eu10.hana.ondemand.com' added it to STRUST and now I am getting 'Hostname' mismatch error however I can see the entry *.cfapps.eu10.hana.ondemand.com' with DNSName it the certificate.

Thanks,

Deepak

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

isaias_freitas
Advisor
Advisor
‎04-08-2020 3:57 PM

Hello Deepak,

Confirm that the parameters "icm/HTTPS/client_sni_enabled" and "ssl/client_sni_enabled" are set to "TRUE".

In fact, only the latter would be required if you are using a recent SAP kernel release/patch level.

Regards,

Isaías

Show replies
Show replies
former_member1002059
Explorer
‎04-08-2020 6:23 PM
0 Kudos

Thanks for your response Isaias,

I have added the parameters you mentioned, However I am getting warning for 'icm/HTTPS/client_sni_enabled' -

Also now the error has changed to information pop-up -

I am getting below error when testing the outbound proxy -

Regards,

Deepak

isaias_freitas
Advisor
Advisor
‎04-08-2020 7:43 PM
0 Kudos

Hello Deepak,

You are welcome!

It seems that the screenshots did not come through, so I cannot see what you tried to show...

Regards,

Isaías

former_member1002059
Explorer
‎04-09-2020 12:34 PM
0 Kudos

Thanks Isaias, That's solved my problem, I thought I have already added those parameters.

Regards,

Deepak

Answers (1)

Answers (1)

former_member340751
Explorer
‎04-08-2020 2:02 PM
0 Kudos

Hi Deepak,

Can you please try by adding both root and server certificate of CPI in STRUST.

Also, You should be adding CA certified ECC certificate in CPI keystore.

Regards,

Vinay Halale

Show replies
Show replies
former_member1002059
Explorer
‎04-08-2020 4:13 PM
0 Kudos

Thanks Vijay for your response, I have tried with both CPI's root and root +Server certificates in STRUST.

Also I have already uploaded the ECC certificate to CPI keystore.

Do you have any other recommendation?

Regards,

Deepak

former_member340751
Explorer
‎04-08-2020 4:32 PM
0 Kudos

Hi Deepak,

Can you please confirm if you have installed CPI certificates from your tenant which is available in key stores.

For reference please find below screenshot.

Regards,
Vinay Halale

former_member1002059
Explorer
‎04-08-2020 6:21 PM
0 Kudos

Hi Vijay,

I have downloaded the certificate from Connection test -

Also I don't have above mentioned certificate in the Keystore -

Thanks,

Deepak

former_member340751
Explorer
‎04-08-2020 6:41 PM
0 Kudos

Hi Deepak,

You may please address me as Vinay 🙂

Since your tenant is trail account. The certificate may not be available.

Can you please import the server certificate obtained from connection test in CPI key store and try testing again.

Regards,
Vinay Halale

former_member1002059
Explorer
‎04-09-2020 12:33 PM
0 Kudos

Sorry Vinay, Its me being hasty here :).

Ask a Question