cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Connecting to Workflow API from ABAP: SSSLERR_SERVER_CERT_MISMATCH

Go to solution
MioYasutake
SAP Champion
SAP Champion

on ‎2020 Nov 25 12:36 AM

0 Kudos
1,557

Hi experts,

I'm trying to call workflow web APIs from ABAP system(Developer Edition) by referring to below blog post.

https://blogs.sap.com/2019/07/24/call-sap-cloud-platform-workflow-from-abap-using-an-oauth-access-to...

I have created two destinations in SM59, one for oAuth token endpoint, and the other for API endpoint. I have imported certificates for both endpoints. (Below images are imported certificates in STRUST)

  • Certificate for oAuth token endpoint

  • Certificate for API endpoint

I tested connection from SM59, and for the oAuth token endpoint it was successful. However, for the API endpoint, I'm receiving the following error.

SSL handshake with
api.workflow-sap.cfapps.eu10.hana.ondemand.com:443
failed: SSSLERR_SERVER_CERT_MISMATCH (-30)#Server
certificate does not match supplied TargetHostname
(rfc2818 section
3.1)##SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_
MISMATCH#  TargetHostname     =
"api.workflow-sap.cfapps.eu10.

Below images are destination settings for the API endpoint.

Below log is the result of ICM trace.

[Thr 139929970353920] *** ERROR => SSL handshake with api.workflow-sap.cfapps.eu10.hana.ondemand.com:443 failed: SSSLERR_SERVER_CERT_MISMATCH (-30)
[Thr 139929970353920] Server certificate does not match supplied TargetHostname (rfc2818 section 3.1)
[Thr 139929970353920]
[Thr 139929970353920] SapSSLSessionStartNB()==SSSLERR_SERVER_CERT_MISMATCH
[Thr 139929970353920]   TargetHostname     = "api.workflow-sap.cfapps.eu10.hana.ondemand.com"
[Thr 139929970353920]   ServerCert.subject = <CN=*.cf.eu10.hana.ondemand.com, O=SAP SE, L=Walldorf, C=DE>
[Thr 139929970353920]   ServerCert.SANs    = dNSName=*.authentication.cert.eu10.hana.ondemand.com, dNSName=authentication.cert.eu10.hana.ondemand.com, dNSName=*.cert.c
[Thr 139929970353920]   SSL NI-hdl 114: local=172.17.0.2:41702  peer=3.124.208.223:443
[Thr 139929970353920]  {0002007e} {root-id=0242AC1100021EDB8BD5D969FA63F098} [icxxconn.c 2419]
[Thr 139929970353920]              GUI T4_U46_M0, 001, DEVELOPER, DESKTOP-4N6I49U, time=00:20:40, W0, program=RSHTTPPIN, high priority, memory=0, tasks=1, appl info=,
[Thr 139929970353920]              role: Client, protocol: HTTPS, local: 172.17.0.2:41702, peer: 3.124.208.223:443

It looks as if the server wrongly picked token endpoint's certificate, instead of API endpoint. Does anybody has an idea how to solve this issue?

Regards,

Mio

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

MioYasutake
SAP Champion
SAP Champion
‎2020 Nov 27 10:17 AM

The issue has been resolved after applying the solution suggested here.

https://answers.sap.com/questions/599994/ssslerrservercertmismatch.html

Show replies
Show replies

Answers (1)

Answers (1)

sankar_27
Active Participant
‎2020 Nov 25 2:19 PM
0 Kudos

Hi Mio

have you enabled the SSL port ( 443 )? If yes update the technical settings in RFC destinations

Thanks , Sankar

Show replies
Show replies
MioYasutake
SAP Champion
SAP Champion
‎2020 Nov 26 9:25 PM
0 Kudos

Hi sankar_27,

Thank you for your response.

I think SSL is active because the request to oAuth token endpoint (which is also SSL) is successful. (I'm not basis person and don't know how to check this)

Below is technical settings of the API endpoint.

Ask a Question