Error: "SSSLERR_SERVER_CERT_MISMATCH" connectivity from ERP to Managed Gateway for Spend&Network fails

	English	
Deutsch - Machine Translation Español - Machine Translation Français (France) - Machine Translation Italiano - Machine Translation 日本語 - Machine Translation 한국어 - Machine Translation Português (Brasil) - Machine Translation Русский - Machine Translation 简体中文 - Machine Translation

Support Note KB0404041

Issue

Connectivity from ERP to Managed Gateway for Spend&Network (testacig.ariba.com/acig.ariba.com) fails with error "SSSLERR_SERVER_CERT_MISMATCH"

SSL handshake with testacig.ariba.com:443 failed: SSSLERR_SERVER_CERT_MISMATCH (-30)#Server certificate does not match supplied TargetHostname SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_MISMATCH# TargetHostname = "testacig.ariba.com"# ServerCert.subject

Resolution

After the release of Managed Gateway for Spend&Network 1.5, we have added multiple proxy host to Managed Gateway for Spend&Network to increase the performance and stability thus the SNI profile parameter should be enabled in ERP.

To enable this parameter,

Open the t-code RZ11.
In the Maintain Profile Parameters screen, under the parameter name text box, enter "icm/HTTPS/client_sni_enabled" and press enter key.
In the Display Profile Parameter Details screen, click Change Value.
Set the New Value to "TRUE" and click Save.
Click Back, enter icm/HTTPS/client_sni_blacklist, and press enter key.
Make sure the Managed Gateway for Spend&Network host names are not blocklisted. If you have added the host for some reason, remove the value and click Save.

Since these are dynamic parameters, you do not require a restart of the SAP server. Please check the SAP Note in the Additional Information section for more details.

Cause

Server Name Indication (SNI) is a TLS extension, defined in RFC 6066. It enables TLS connections to virtual servers, in which multiple servers for different network names are hosted at a single underlying network address https://www.ietf.org/rfc/rfc6066.txt In most systems, this parameter comes enabled by default however you will need to ensure it is enabled.

Additional Information

How to confirm and test if the SNI (Server Name Indication) extension is active in my ERP

Applies To

SAP Integration Suite Managed Gateway > Managed Gateway for Business Network
SAP Integration Suite Managed Gateway > Managed Gateway for Business Network SCC > Managed Gateway for Buyer Business Network SCC
SAP Integration Suite Managed Gateway > Managed Gateway for Procurement
SAP Integration Suite Managed Gateway > Managed Gateway for Sourcing Integration