2022 Jan 18 7:59 AM
Hi
We are connecting to a customer's SAP system via SAProuter.
Currently getting an error on our side that:
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [D:/depot/bas/75 3604]
GSS-API(maj): Miscellaneous failure
GSS-API(min): A2200223:Peer certificate path not trusted
Unable to establish the security context
target="p:CN=CLIENT_CERTIFICATE"
On the customer side, they get a similar error:
*** ERROR => SncPEstablishContext(): SNCERR_AUTH_MISMATCH -- wrong peer!
expecting = "p:CN=sapserv1, OU=SAProuter, O=SAP, C=DE"
but peer is = "p:CN=MY_CERTIFICATE"
I have installed CN=CLIENT_CERTIFICATE in my pse file.
The customer have installed CN=MY_CERTIFICATE in their pse file.
Customer is starting their saprouter with:
C:\usr\sap\saprouter\saprouter.exe -r -W -K p:CN=CLIENT_CERTIFICATE
I'm starting my saprouter in a similar fashion but with -K p:CN=MY_CERTIFICATE
Yes, customer is having CN=sapserv1, OU=SAProuter, O=SAP, C=DE in their saprouttab, but that is for SAP to connect.
In my saprouttab I have an entry:
KP "p:CN=CLIENT_CERTIFICATE" 159.x.x.x 3299
P 10.x.x.x 159.x.x.x 3299
Why would SAProuter think we're using the sapserv1 certificate instead of the one specified?
And most importantly, how can I fix this?