SSSLERR_SERVER_CERT_MISMATCH

Similar Messages

• Unified communication certificates  (UCC) : SSSLERR_SERVER_CERT_MISMATCH

  Hello ,
  We are using UCC (unified communication certificates) which allows us
  to include multiple domains controlled in a single certificate.
  http://help.godaddy.com/article/3908
  We are trying to setup a secure connection from SAP ECC6 (Abap stack
  7.01 SPS6) to the adress : https://serverA
  When using IE, and examining the certificate installed at this adress, CN=serverB,
  which contains several domains including serverA.
  The ICM is in the client role
  The following entry is displayed in the trace:
  [Thr 1] Tue Jun 28 15:30:06 2011
  [Thr 1] TRACE FILE TRUNCATED
  [Thr 6] Tue Jun 28 15:30:14 2011
  [Thr 6] MatchTargetName
  ("serverA", "CN=serverB OU=Global IT, O=****, L=****, C=FR") FA
  [Thr 6] SSL NI-sock: local=160.92.204.42:53988 peer=160.92.209.8:443[Thr 6] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x6000000005ce4510)
  ==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 6] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn_m
  There is apparently a certificate mismatch issue, SAP ICM is expecting
  the CN to be "serverA", instead of "serverB"
  I had a look at sap note "Note 1318906 - Trace analysis of SSL
  problems" which states that
  "the certificate that is returned by the server is issued for a
  different server name and is therefore rejected"
  But by definition, when using UCC, several domains and hostnames are
  secured within one CN. It means that serverA domain is
  included in CN=serverB
  Therefore when accessing the application with IE, there are no errors.
  Is there an option on SAP ECC to be able to handle such certificates?
  Thank you very much for your help.
  Best Regards.

  Hi Susan,
  Please check the links with the same issue:
  Adapter URL - hostname vs FQDN
  Error using HTTPS
  Internal Server Error in PI 7.1
  Regards,
  Naveen

• SSSLERR_SERVER_CERT_MISMATCH when configuring end to end SSL

  We are configuring the scenario of end-to-end SSL on the web dispatcher
  to a central instance NW2004S system (XI). We have followed the
  installation guides for the web dispatcher and the procedures for
  enabling SSL on the ABAP and JAVA stacks. The document "Configuring
  SSL on the Web Dispatcher" states that you need to request a
  certificate for the JAVA stack in the name of the web dispatcher so you
  do not get the "invalid certificate or does not match the name of the
  site". This piece works fine.
  Configuring the ABAP stack is different. If we configure the ABAP
  stack in the conventional way (CN=hostname, OU=x, O=x, U=US), then we
  have no problems hitting the servers directly to test SSL, but when we
  try to do a redirect to the Web AS ABAP stack functionality (like
  Webgui), I get the above certificate error. Basically, anything with
  the url ending in /sap/bc, /sap, etc, routed to the ABAP stack.
  If we try to use the methodology specified for the JAVA stack, and
  request a certificate in the name of the web dispatcher, I get the
  following error:
  [Thr 4] Mon Aug 13 21:24:14 2007
  [Thr 4] MatchTargetName("FQDN-Central Instance", "CN=FQDN-Web
  Dispatcher Server, OU=XXX, O=XXX, C=US") FAILS
  [Thr 4] SSL socket: local=0.0.0.0:0 peer=0.0.0.0:0
  [Thr 4] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x100c16940)
  ==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 4] *** ERROR => MsHttpLBThread: SapSSLSessionStart (rc=-30)
  SSSLERR_SERVER_CERT_MISMATCH [msxxhttp_mt. 7265]
  I see this in the ASCS dev_ms trace file for the ABAP stack. The SCS
  dev_ms file is fine.
  If I change the requested host back to the name of the CI and get
  another certificate in the CI's name, there are no errors but I get the
  pop up warning about the certificates. I can't use the web dispatcher
  for what I want (XI load balancing).
  I have searched SAP Notes and SDN and have not come up with any leads.

  I solved this problem by setting the following profile parameter on my webdispatcher profile.
  wdisp/ssl_ignore_host_mismatch = true
  Doesn't fix the underlying problem but got me going until I can figure it out.

• Internal Server Error in PI 7.1

  Hi,
  We have recently moved from XI 3.0 to PI 7.1. We have built an IDoc to file scenario that is resulting in error with information as below:
  <SAP:Category>XIServer</SAP:Category>
    <SAP:Code area="INTERNAL">CLIENT_RECEIVE_FAILED</SAP:Code>
    <SAP:P1>407</SAP:P1>
    <SAP:P2>ICM_HTTP_SSL_ERROR</SAP:P2>
    <SAP:P3>(See attachment HTMLError for details)</SAP:P3>
    <SAP:P4 />
    <SAP:AdditionalText />
    <SAP:Stack>Error while receiving by HTTP (error code: 407 , error text: ICM_HTTP_SSL_ERROR) (See attachment HTMLError for details)</SAP:Stack>
  HTML error is attached to Payload in the message with error information as below:
  500 Native SSL error
  Error: -14
  Version: 7011
  Component: ICM
  Date/Time: Fri Aug 13 14:33:05 2010 
  Module: icxxconn_mt.c
  Line: 1911
  Server: v005_PIS_00
  Error Tag:
  Detail: IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH
  Observations:
  Idoc submitted by SAP system is well received by PI system, Mapping is successfully executed to produce the target message. Message has stopped in Inbound Queue with info "XI Error CLIENT_RECEIVE_FAILED.INTERNAL: Queue stopped".
  Inference:
  Now it should be the turn for Integration engine to submit the message to adapter engine, but I suspect internal communication between these two components have failed.
  I think a parameter change should solve this problem. May be it is parameter in rz10 or exchange profile?
  Please provide your inputs to resolve the issue.
  Thanks,
  Suraj

  Thanks for the replies.
  In the preliminary analysis, it is found that Integration Engine and Adapter Engine connectivity is not maintained correctly.
  Instead of  https://<sid>:/sap/xi/engine?type=entry, it should be maintained as  http://<sid>:/sap/xi/engine?type=entry
  We need to find the place where this setting can be done and hence restore the connection.
  Inference is made based on SLDCHECK that shows the url as 'http://<sid>:/sap/xi/engine?type=entry' and in the audit log of the monitoring it shows as https://<sid>:/sap/xi/engine?type=entry
  Best Regards,
  Suraj

• Error when configuring Web Dispatcher for SSL with Enterprise Portal

  We are in the process of configuring the Web Dispatcher using SSL to connect to our Enterprise Portal (the Web Dispatcher will be in the DMZ).  We have followed all of the help.sap.com guides and now have SSL listening on the EP side (port 8103).  We are now receiving this strange certificate error when we start the Web Dispatcher:
  [Thr 5332] Tue Mar 20 00:36:23 2007
  [Thr 5332]   MatchTargetName("<FULLY QUALIFIED HOSTNAME>", "CN=XXX, OU=XXX, O=XXXX, C=XX") FAILS
  [Thr 5332]   SSL socket: local=<IPADDRESS>:4742  peer=<IPADDRESS>:8103
  [Thr 5332] <<- ERROR: SapSSLSessionStart(sssl_hdl=009D7670)==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 5332] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 2005]
  [Thr 5332] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx.c      4919]
  [Thr 5332] *** ERROR => Could not connect to SAP Message Server at <FULLY QUALIFIED HOST NAME>. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2301]
  [Thr 5332] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2302]
  [Thr 5332] *** ERROR => see also OSS note 552286 [icrxx.c      2303]
  We have gone through the trouble shooting note 552286 as listed in the error above.  Any assistance is appreciated.

  Hello, did you receive any resolution for this problem?  We are receiving a similar error and I am unsure of how to resolve.

• Webdispatcher SSL load balance server mismatch errors

  We are setting up a webdispatcher to access an Enterprise Portal with multiple instances.  Currently it is working but we are having to overide host mismatches.  in webdispacther log we see
  [Thr 4856] Mon Mar 07 11:38:02 2011
  [Thr 4856] MatchTargetName("aaa.mycompany.com", "CN=bbb.mycompany.com, OU=xxx, O=ooo, L=ccc, SP=sss, C=US") FAILS
  [Thr 4856] SSL NI-sock: local=##.21.13.137:50746 peer=##.21.13.131:51001
  [Thr 4856] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000008565100)==SSSLERR_SERVER_CERT_MISMATCH
  The Portal instances are on
  aaa.mycompany.com
  bbb.mycompany.com
  Currently have a CA approved certificate for each server installed in the portal.  Dispatcher on aaa uses aaa cert, dispatcher on bbb uses bbb cert.
  Message server is on aaa, but it will load balance and place you on either instance.
  have following related parameters
  wdisp/ssl_encrypt = 2
  wdisp/ssl_auth = 2
  wdisp/ssl_cred = C:\usr\sap\XXX\W00\sec\XXX.pse
  wdisp/ssl_certhost = aaa.mycompany.com
  wdisp/ssl_ignore_host_mismatch = TRUE
  C:\usr\sap\XXX\W00\sec\XXX.pse has ssl cert of both aaa and bbb servers.
  All seems to be working, as users are load balancing.  They are not getting certificate mismatches in their browser anymore.  We are getting the SSSLERR_SERVER_CERT_MISMATCH errors, but the messages do not seem to cause an issue since we have wdisp/ssl_ignore_host_mismatch set.
  Can we eliminate those mismatch errors instead of masking the problem with wdisp/ssl_ignore_host_mismatch?
  Should each portal instance have their own ssl cert, or is there a way to use one cert such as the aaa.mycompany.com cert on each portal instance?  It seems like that might eliminate the mismatch errors.  However, what happens when you go directly to the bbb.mycompany.com portal instance? there is a certificate error if you specify aaa's and you go to bbb.  I was wondering if the wdisp/ssl_auth and wdisp/ssl_certhost are valid in the portal system so that each server uses the aaa server and certificate.  I could not tell if this parameter is valid for java-only portal systems.
  Thanks for your help.
  Edited by: Fett Patrick on Mar 7, 2011 8:35 PM

  Thank you Martin for your prompt reply.  Can you clarify please, can we use the wdisp/ssl_certhost parameter in the instance profiles of the portal instances?  I wasn't sure if that is only valid for webdispatchers or can also be used in abap/java systems?
  We orginally had the aaa server certificate listed for each dispatcher in the portal under ssl provider runtime server identity.  That caused a browser "certificate error" when accessing the bbb server.  So we then installed an ssl certificate for bbb for its dispatcher.  We could then go to either server with no browser "certificate mismatch" error.
  Then when we added the webdispatcher, we started getting the server mismatch errors at the webdispatcher level.  If the wdisp/ssl_certhost can be used in the portal profiles, then that would hopefully resolve direct access or via web dispatcher aceess mismatches.  I.E. only the aaa ssl certificate would be used and parameters would be set at both the webdispatcher and portal profiles
  Thanks, Pat.

• Adapter URL - hostname vs FQDN

  I see the following error in dev_icm:
  MatchTargetName("<hostname>", "CN=<hostname.domain.com, OU=XXXXXXXX, O=XXXXXXXXXXXXXX
  SSL NI-sock: local=<IP >:63071  peer=<IP>:<https java port>
  <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1059a4a20)==SSSLERR_SERVER_CERT_MISMATCH
  ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn_m
  ERROR => URLDecode recognised invalid sign in form field [ictxxfilt_mt 248]
  ERROR => illegal request [http_auth_mt.c 470]
  The issue seems to be that the certificate is for FQDN and request is
  with just the hostname. Also in the sld the adapter engine urls are all
  hostname:port. Where do I change this such that it uses the FQDN:port.
  Any direction is much appreciated.
  Thanks
  S.

  somewhat similar problem solved in the below thread:
  Web UI does not work after deployment of BBPCRM SP for CRM 7
  P.N.: the above thread is not related to XI/PI......giving for your reference

• Access /sap/monitoring/SystemInfo to HTTPs fails.

  I have CRM (abap+java ), and I have configured the access HTTPs to ICM
  of CRM. If I connect to my j2ee page: https://sapcc1ci.correos.es:1443
  works successfully, and all links (User Management, SQL Trace, etc..)
  except System Information work successfully.
  My link on the J2EE page to 'System Information' points
  to /sap/monitoring/SystemInfo
  (https://sapcc1ci.correos.es:1443/sap/monitoring/SystemInfo) fails with
  error HTTP 404 - file not found. But if I access to HTTP
  (http://sapcc1ci.correos.es:50000/sap/monitoring/SystemInfo) works
  successfully.

  Hello,
  I have generated the certificate, with the steps of http://help.sap.com/saphelp_nw04/helpdata/en/db/1f1740198d8f5ce10000000a155106/frameset.htm, and the type selected is "SAP J2EE Server". I have exported a key or certificate entry to the file system export.csr (attached) and then imported a CSR response im.crt.
  I have restarted the icm, anf If I try to connect URL: https://sapcc1ci.correos.es:1443/ the system reports the message Detail: Cannot reach external Application Server on 10.88.130.222:50001
  and in the dev_icm reports:
  Thr 1286] MatchTargetName("10.88.130.222", "CN=sapcc1ci.correos.es") FAILS
  Thr 1286] SSL socket: local=10.88.130.220:34882 peer=10.88.130.222:50001
  Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=1151448b0)==SSSLERR_SERVER_CERT_MISMATCH
  Thr 1286] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxpool_mt. 1968]
  Thr 1286] MatchTargetName("10.88.130.222", "CN=sapcc1ci.correos.es") FAILS
  Thr 1286] SSL socket: local=10.88.130.220:34883 peer=10.88.130.222:50001
  Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=1151448b0)==SSSLERR_SERVER_CERT_MISMATCH
  Thr 1286] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxpool_mt. 1968]
  Thr 1286] Wed Feb 21 16:01:56 2007
  I have attached the dev_icm_210207.
  Other parameters in my system:
  icm/server_port_0 = PROT=HTTP,PORT=8000,EXTBIND=1
  icm/server_port_1 = PROT=HTTPS,PORT=1443,TIMEOUT=900
  icm/HTTPS/verify_client = 1
  ssf/name = SAPSECULIB
  ssf/ssfapi_lib = /usr/sap/CC1/SYS/exe/run/libsapcrypto.o
  sec/libsapsecu = /usr/sap/CC1/SYS/exe/run/libsapcrypto.o
  PREFIX=/,HOST=10.88.130.222,CONN=0-500,PORT=50000,SPORT=50001,SSLENC=1,TYPE=1

• Regarding Error in AXIS framework

  Hi Experts,
  I have a requirement of using AXIS framework in Receiver SOAP ADAPTER in PI 7.0 server with UsernameToken security with PasswordDigest.
  I have deployed all the relevant .jar files in .sda file and entires have been made in provider.xml.
  When ever i am testing my scenario i am getting following error in communication channel monitoring
  *Axis: error in invocation: java.net.SocketException: Connection timed out:could be due to invalid address*
  Also i am using URL as https://XYZ
  Could you please let me know is this error is  because of invalid URL,username and password or something else is missing in configuration.
  Please help me out on this
  Thanks in advance
  Anku Chopra

  Hi Volker,
  I am back.
  We had some connectivity issues with HTTP and fortunately it got resolved.
  Now as we are moving into HTTPS  i am getting following error in SMICM
  [Thr 2057]   SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
  [Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
  [Thr 2057] SecudeSSL_SessionStart: SSL_accept() failed --
    secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
  [Thr 2057] >> -
  Begin of Secude-SSL Errorstack -
  >>
  [Thr 2057] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
  [Thr 2057] << -
  End of Secude-SSL Errorstack -
  [Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb10)==SSSLERR_SSL_ACCEPT
  [Thr 2057] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
  [Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb50)==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 1286] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn
  [[Thr 2828] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb50)==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 2828] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn
  [Thr 772] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f52770)==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 772] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn_
  [Thr 2057]   SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
  [Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
  [Thr 2057] SecudeSSL_SessionStart: SSL_accept() failed --
    secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
  [Thr 2057] >> -
  Begin of Secude-SSL Errorstack -
  >>
  [Thr 2057] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
  [Thr 2057] << -
  End of Secude-SSL Errorstack -
  [Thr 2057]   SSL NI-sock: local=10.120.58.115:44300  peer=10.120.58.115:40671
  [Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fe70)==SSSLERR_SSL_ACCEPT
  [Thr 2057] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
  Moreover do we need to create any RFC destination in sm59 for HTTP Connections to External Server to enable HTTPS.
  Please provide your valuable inputs on this.
  Thanks
  Anku chopra

• /sap/monitoring/SystemInfo without password

  Hi,
  Is there a way to make the SystemInfo page public.
  In other words I want to retrieve the page automatically from a script without a login.

  Hello,
  I have generated the certificate, with the steps of http://help.sap.com/saphelp_nw04/helpdata/en/db/1f1740198d8f5ce10000000a155106/frameset.htm, and the type selected is "SAP J2EE Server". I have exported a key or certificate entry to the file system export.csr (attached) and then imported a CSR response im.crt.
  I have restarted the icm, anf If I try to connect URL: https://sapcc1ci.correos.es:1443/ the system reports the message Detail: Cannot reach external Application Server on 10.88.130.222:50001
  and in the dev_icm reports:
  Thr 1286] MatchTargetName("10.88.130.222", "CN=sapcc1ci.correos.es") FAILS
  Thr 1286] SSL socket: local=10.88.130.220:34882 peer=10.88.130.222:50001
  Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=1151448b0)==SSSLERR_SERVER_CERT_MISMATCH
  Thr 1286] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxpool_mt. 1968]
  Thr 1286] MatchTargetName("10.88.130.222", "CN=sapcc1ci.correos.es") FAILS
  Thr 1286] SSL socket: local=10.88.130.220:34883 peer=10.88.130.222:50001
  Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=1151448b0)==SSSLERR_SERVER_CERT_MISMATCH
  Thr 1286] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxpool_mt. 1968]
  Thr 1286] Wed Feb 21 16:01:56 2007
  I have attached the dev_icm_210207.
  Other parameters in my system:
  icm/server_port_0 = PROT=HTTP,PORT=8000,EXTBIND=1
  icm/server_port_1 = PROT=HTTPS,PORT=1443,TIMEOUT=900
  icm/HTTPS/verify_client = 1
  ssf/name = SAPSECULIB
  ssf/ssfapi_lib = /usr/sap/CC1/SYS/exe/run/libsapcrypto.o
  sec/libsapsecu = /usr/sap/CC1/SYS/exe/run/libsapcrypto.o
  PREFIX=/,HOST=10.88.130.222,CONN=0-500,PORT=50000,SPORT=50001,SSLENC=1,TYPE=1

• Enable https connection to the portal

  Dear all,
  i tried to implement an https connection to my portal environment but i received this error:
  "IisProxy.dll: 500 Internal Server Error
  ProxyWorker(): IOException: SapSSLStart() failed: -30 (SSSLERR_SERVER_CERT_MISMATCH)
  at SapConnection.cpp:719".
  The connection is not made direct to the portal application enviroment on the port 50001 but through a reverse proxy.
  Is there someone that can help to undesrtstand this error message ot could indicate how to find a guide to implement the https?
  Regards

  First, did you apply note 715303 for IIS 6.0?
  Second, docs for IISProxy and J2EE are not the best in the world.  I have docs from 6.20 that I still use today.  I just scanned them and have them as jpg's in a 6 meg zip file.  Go to my business card and e-mail me your e-mail address and I will send the docs.

• SSL mismatch while sending PO usingHTTPS

  I am trying to send PO to vendors using https post using RFC and PROXY. I have installed the SAP Crypto library and configured SSL as stated below. I am not sure what is missing .
  If I need to snd the PO what certificates hsould I import in strust from vendor and where.  And what certificates should I send them.
  Please let me know.
  Thanks
  Deleted all the certificates.
  2. Restarted the system (usually if you restart ICM is enough)
  3. Create System PSE
  CN=NW5,
  OU=IT,
  OU=DAIMLERCHRYSLER,
  O=SAP Trust Community, C=US, SP=MICHIGAN, L=AHILLS
  4. Right Click on SSL Server and Click Create
  CN= *.oddc.chrysler.com
  OU=IT,
  OU=DAIMLERCHRYSLER,
  O=SAP Trust Community, C=US, SP=MICHIGAN, L=AHILLS
  it creates the instance odxgsd03 with full host
  odxsd03.oddc.chrysler.com under it.
  5. Client on the instance odxgsd03 and click on create ceritifcate
  request and copy from that window. and requested the server
  certificate(trial 14 days) from verisign I am going forwarded the
  verisign mail for that.
  6. In note 510007 it says to import that certificate on instance under
  SSL Server through option goto --> import certificate response. But
  it didn't work then imported using import option at the bottom .
  7. And also imported the test root ca, intermedite CA of verisign into
  SSL Servers.
  8. Then did sametime with SSL Client standard.(step 5 and 6).
  9. Imported test and production Boise into SSL Client standard .
  10. restarted the system.
  11. SM59 RFC Name: BOISECASCADE type:G and connection failed .
  And SMICM log gives following messages:
  [Thr 2057] Tue Dec 12 21:57:44 2006
  [Thr 2057] MatchTargetName("https://inet-portal.bcop.com", "CN=inet-
  portal.bcop.com, OU=Terms of use at www.verisign.com/rpa (
  [Thr 2057] SSL socket: local=53.231.101.48:42333
  peer=53.231.44.20:9080
  [Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110e63c30)
  ==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 2057] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart fa
  [attachment "cert.zip" deleted by Shashidhar Bathula/ITM/DCC/DCX] iled
  (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn
  I am not sure what is going wrong.

  Regarding step 6:
  When importing the certificate response. Use base-64 encoded format. Also include the other certficate(s) in the chain. I.e: If there's on root, one intermediate then your signed certificate, your import text will look something like this:
  BEGIN CERTIFICATE----
  blablablabla
  blablablabla
  END CERTIFICATE----
  BEGIN CERTIFICATE----
  blablabla
  blablablabla
  END CERTIFICATE----
  BEGIN CERTIFICATE----
  blablabla
  blablablabla
  END CERTIFICATE----
  -AD