Connectivity from ERP to CIG (testacig.ariba.com/acig.ariba.com) fails with error "SSSLERR_SERVER_CERT_MISMATCH"

SSL handshake with testacig.ariba.com:443 failed: SSSLERR_SERVER_CERT_MISMATCH (-30)#Server certificate does not match supplied TargetHostname SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_MISMATCH#  TargetHostname = "testacig.ariba.com"#  ServerCert.subject

After the release of CIG 1.5, we have added multiple proxy host to CIG to increase the performance and stability thus the SNI profile parameter should be enabled in ERP.

To enable this parameter,

1. Open the t-code RZ11.
2. In the Maintain Profile Parameters screen, under the parameter name text box, enter "icm/HTTPS/client_sni_enabled" and press enter key.
3. In the Display Profile Parameter Details screen, click Change Value.
4. Set the New Value  to "TRUE" and click Save.
5. Click Back, enter icm/HTTPS/client_sni_blacklist, and press enter key.
6. Make sure the CIG host names are not blocklisted. If you have added the host for some reason, remove the value and click Save.

Since these are dynamic parameters, you do not require a restart of the SAP server. Please check the SAP Note in the Additional Information section for more details.

Server Name Indication (SNI) is a TLS extension, defined in RFC 6066. It enables TLS connections to virtual servers, in which multiple servers for different network names are hosted at a single underlying network address https://www.ietf.org/rfc/rfc6066.txt In most systems, this parameter comes enabled by default however you will need to ensure it is enabled.

How to confirm and test if the SNI (Server Name Indication) extension is active in my ERP

SAP Ariba Buying and Invoicing
SAP Ariba Buying
SAP Ariba Sourcing
SAP Ariba Strategic Sourcing Suite
SAP Business Network