Skip to Content
Author's profile photo Former Member


It is not so rare to see customers facing the SSSLERR_SERVER_CERT_MISMATCH error in their Webdispatcher/ICM traces. Therefore, I’ll clarify better regarding such error.

The SSSLERR_SERVER_CERT_MISMATCH error means that the server is using a certificate where the CN part does not matches the hostname of URL server that client is trying to access. For a correct setup, the certificate CN and the host being accessed must match.

Whenever increasing the ICM/Webdispatcher trace level to 2, we’ll be able to see a more detailed information, such as:

[Thr XXXX]   MatchTargetName(<your FQDN>, CN=<your certificate CN>) MISmatch

Therefore, the solution is:

Either ensure that the server’s FQDN is correctly set or create a SSL Certificate where the CN matches it.

An workaround when using a webdispatcher is to set the following parameter to ignore this mismatch:

wdisp/ssl_ignore_host_mismatch = 1

NOTE: The wdisp/ssl_ignore_host_mismatch = 1 will ignore the mismatch error, but it will not solve it. Therefore, the error message will still be visible in the traces, but the system will not stop the communication because of the error.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Parag Jain
      Parag Jain

      We are facing the same issue in ABAP ICM. Is there an equivalent parameter for ABAP stack ?

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hello Parag,


      There is no parameter in the ICM layer that can bypass the mismatch issue. You can also refer to SAP Note 1318906 for further information on how to proceed then.


      Best Regards,
      Guilherme de Oliveira

      Author's profile photo Sandra Rossi
      Sandra Rossi

      I had the same error and the HTTP request could work by defining the below parameter, as explained in note ‚Äč2124480 - ICM / Web Dispatcher: TLS Extension Server Name Indication (SNI) as client.

      icm/HTTPS/client_sni_enabled = TRUE

      No idea if wdisp/ssl_ignore_host_mismatch = 1 could have worked.

      See context in this question: CL_HTTP_CLIENT download .zip file | SAP Community