Consume SNI based APIs via SAP PO 7.5
We have been trying to integrate SAP ECC with one of the third parties REST API via SAP PO 7.5 (dual usage type). It’s Proxy to REST (Synch) scenario. API endpoint and Security key updated in the receiver SAP PO REST Communication channel. All the certificates (chain) deployed in SAP PO NWA Key Storage.
While testing, we have encountered SSL based issues – “SSLException while handshaking: Peer sent alert: Alert Fatal: unrecognized name”.
SAP PO Logs
We have used XPI Inspector to analyse the SSL errors and identified below issues:
Using Transport Protocol: HTTPS
Handshake Timeout: 0
Keep alive: false
TCP No Delay: false
Exception Occured: Peer sent alert: Alert Fatal: unrecognized name
Begin IAIK Debug:
ssl_debug(49386): Starting handshake (iSaSiLk 5.2)…
ssl_debug(49386): Sending v3 client_hello message to api.qua.txxxs.com:8xx3, requesting version 3.3…
ssl_debug(49386): Sending extensions: renegotiation_info (65281), signature_algorithms (13)
ssl_debug(49386): Received alert message: Alert Fatal: unrecognized name
ssl_debug(49386): SSLException while handshaking: Peer sent alert: Alert Fatal: unrecognized name
ssl_debug(49386): Shutting down SSL layer…
ssl_debug(49386): Closing transport…
End IAIK Debug.
We have used Qualy’s SSL Labs free online service (https://www.ssllabs.com/ssltest/analyze.html?d=api.txxxs.com) to performs a deep analysis of the configuration of api.txxxs.com SSL web server on the public Internet. As per the report, we have identified api.txxxs.com API requires SNI (Server Name Indication) support from any HTTP clients connecting to it.
By default, SNI extension is disabled in SAP PO. Connectivity issue between SAP PO and SNI based third party API got resolved post applying below OSS notes recommended by SAP:
2492386 – SSLException: Peer sent alert: Alert Fatal: unrecognized name
2604240 – TLS handshake failure due to missing SNI extension
2569156 – How to create, modify and validate SSLContext.properties file
Learn more about SNI: