cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSSLERR_SERVER_CERT_MISMATCH

susan_pfab
Participant

on ‎07-28-2011 10:17 PM

0 Kudos

We are getting the following error in the SXMB_MONI Trace on any message using a receiver adapter residing on the adapter engine. They all previously worked. The error occurs on the Call Adapter step. In the URL below, the <host> is NOT fully qualified, and I know this is the problem, but where is this defined? We are on PI 7.1. This same URL, without the fully qualified host, also shows on SXI_CACHE Goto->Adapter Engine Cache (Adapter Engine URL). Where is the URL defined or at least the host in the URL?

- <Trace level="1" type="B" name="CL_XMS_PLSRV_IE_ADAPTER-ENTER_PLSRV">

<Trace level="3" type="T">Channel for adapter engine: SFTP</Trace>

- <Trace level="1" type="B" name="CL_XMS_PLSRV_CALL_XMB-CALL_XMS_HTTP">

<Trace level="2" type="T">return fresh values from cache</Trace>

<Trace level="2" type="T">Get logon data for adapter engine (SAI_AE_DETAILS_GET):</Trace>

<Trace level="3" type="T">URL = https://<host>:<port>/MessagingSystem/receive/AFW/XI</Trace>

<Trace level="3" type="T">User = PIxxxISU</Trace>

<Trace level="3" type="T">Cached = X</Trace>

<Trace level="3" type="T">Creating HTTP-client</Trace>

<Trace level="3" type="T">HTTP-client: creation finished</Trace>

<Trace level="3" type="T">Security: Basic authentication</Trace>

<Trace level="3" type="T">Serializing message object...</Trace>

<Trace level="3" type="T">HTTP-client: sending http-request...</Trace>

<Trace level="3" type="T">HTTP-client: request sent</Trace>

<Trace level="3" type="T">HTTP-client: Receiving http-response...</Trace>

<Trace level="3" type="System_Error">HTTP-Client: exception during receive: HTTP_COMMUNICATION_FAILURE</Trace>

</Trace>

Additional errors in the Trace:

IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH

Error while receiving by HTTP (error code: 407, error text: ICM_HTTP_SSL_ERROR)

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (7)

Answers (7)

susan_pfab
Participant
‎08-04-2011 2:35 PM
0 Kudos

The issue has been solved. We had to go to SXI_CACHE->GoTo->Adapter Engine Cache-> and delete the cache entries for the Adapter Engine. Then, we had to cycle the system. When it came back up, the correct FQDN had been cached on the Adapter Engine. SAP said this can heppen when you do a CPA cache refresh and the SLD is not available to pull in the FQDN. ????

Show replies
Show replies
Former Member
‎08-01-2011 8:08 PM
0 Kudos

The error is probably because of mismatch in the hostname in the cert and the hostname being called. I'm guessig one has FQDN and the other doesn't from your description of the problem.

You can change the hostname values from Visual Administrator --> Global Configuration tab --> Server --> Services --> SAP XI AF CPA Cache

SLD.selfregistration.hostName

You may need to restart the cache applications (com.sap.aii.af.cpa.app and com.sap.aii.af.app) in deploy service to activate the change OR you can restart the J2EE engine.

Show replies
Show replies
naveen_chichili
Active Contributor
‎07-29-2011 8:49 PM
0 Kudos

Hi Susan,

Please check the links with the same issue:

Regards,

Naveen

Show replies
Show replies
former_member4985
Employee
Employee
‎07-29-2011 7:50 PM
0 Kudos

Hello,

It may be related to some settings on the Web Dispatcher.

Can you check what the value is for the Web Dispatcher profile parameter wdisp/ssl_encrypt?

Please set this to '0', restart the Web Dispatcher and then test the Cache Connectivity Test.

In other case, please set the wdisp/ssl_encrypt = 1.

More info, check:

SAP Web Dispatcher and SSL

http://help.sap.com/saphelp_nwpi71/helpdata/EN/48/98e6a84be0062fe10000000a42189d/content.htm

Regards,

Caio

Show replies
Show replies
former_member854360
Active Contributor
‎07-29-2011 7:22 AM
0 Kudos

Hi,

Please check whether you have used the correct pair of certificate or not.

Show replies
Show replies
Former Member
‎07-29-2011 6:34 AM
0 Kudos

Hi Susan,

1. Please check the expiration of the certificate. If the certificate is expired, you need to renew and import the new certificate.

2. Make sure the basic authentication credentials are correct.

3. Ref:

Thanks,

Show replies
Show replies
baskar_gopalakrishnan2
Active Contributor
‎07-29-2011 4:58 AM
0 Kudos

>cmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH

Error while receiving by HTTP (error code: 407, error text: ICM_HTTP_SSL_ERROR)

This error is due to invalid client certificate or certificate mismatch between client and PI system. Check whether the certificate is expired or not? Certiificate is normallly maintained in both java stack and abap stack.

Abap stack tc STRUST

Java stack go to nwa -> configuration management --> Certificate and keys.

Show replies
Show replies
Ask a Question