It is not so rare to see customers facing the SSSLERR_SERVER_CERT_MISMATCH error in their Webdispatcher/ICM traces. Therefore, I’ll clarify better regarding such error.
The SSSLERR_SERVER_CERT_MISMATCH error means that the server is using a certificate where the CN part does not matches the hostname of URL server that client is trying to access. For a correct setup, the certificate CN and the host being accessed must match.
Whenever increasing the ICM/Webdispatcher trace level to 2, we’ll be able to see a more detailed information, such as:
[Thr XXXX] MatchTargetName(<your FQDN>, CN=<your certificate CN>) MISmatch
Therefore, the solution is:
Either ensure that the server’s FQDN is correctly set or create a SSL Certificate where the CN matches it.
An workaround when using a webdispatcher is to set the following parameter to ignore this mismatch:
wdisp/ssl_ignore_host_mismatch = 1
NOTE: The wdisp/ssl_ignore_host_mismatch = 1 will ignore the mismatch error, but it will not solve it. Therefore, the error message will still be visible in the traces, but the system will not stop the communication because of the error.