gauravshar
asked on
SSL Cert mismatch error
Hi..
In order to have a secured and trusted communication between our SAP PI system and our partner, we bought the public SSL Cert and sent to our partner for import to their system (which is to be able to connect to our server and drop some files). When the partner is browsing the URL that we gave him, he is saying that our server is not sending the actual SSL cert that we shared with the partner. That means the Cert mismatch error is found which is halting the further testing. During the handshake our server, seems like, is sending the self signed cert by default, instead of the SSL cert that we bought. Our side of OS is AIX and SAP is installed on it.
In order to have a secured and trusted communication between our SAP PI system and our partner, we bought the public SSL Cert and sent to our partner for import to their system (which is to be able to connect to our server and drop some files). When the partner is browsing the URL that we gave him, he is saying that our server is not sending the actual SSL cert that we shared with the partner. That means the Cert mismatch error is found which is halting the further testing. During the handshake our server, seems like, is sending the self signed cert by default, instead of the SSL cert that we bought. Our side of OS is AIX and SAP is installed on it.
Giovanni
The certificate needs to be installed on the server hosting the service. Anyone accessing that service will be presented with the certificate (containing the public key) automatically.
You need to install the SSL cert on your server.
the server certificate should have the subject name stating the server fqdn or website domain including hostname. this ssl server also need to ensure it is performing server authentication purpose as stated in the certificate. I do suspect the certificate is not in the SAP service server or user has browsed through some proxy which is why the actual server cert is not send over ... may have to also check its browser if there is any proxy plugin etc
ASKER
The cert is already installed on the server..
ASKER
It looks like the cert is not installed at the right place somewhere. when I browse the site internally too, it shows the self signed cert, not the SSL cert.
Minimally the cert need to be in the machine certificate store e.g.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/16/1bb23bdb0d0156e10000000a11402f/content.htm
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/16/1bb23bdb0d0156e10000000a11402f/content.htm
If you bought the certificate from an authority like Verisign, check if your server has them as a provider. Many times, we find smaller providers like ncode etc, that are not accepted as these authorities certificates are not added to the servers or authorities certificate list. You can check if the authority that issued you the certificate is on your server if you have internet explorer or firefox. Go to Edit -> Preferences -> Advanced -> Certificates -> View Certificates in firefox to find out.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I proposed http://#ID:41703622 as the solution to this question since it run through the proper steps by SAP guide in importing of SSL certificate into SAP web server. The link has more details on the guidance.
Noted thanks for the advice and will consider it. just that my writing skills for article has been below acceptable level of the editorial team..maybe is because of the topic that I chose.