How to check if hostname is trusted?
- 1.To make sure your ERP trusts Clear hostnames, download the production TLS certificates (all of host certificate, intermediate certificate(s) and root certificate) from https://docs.cleartax.in/cleartax-docs/clear-finance-cloud/cfc-api-reference#2.-production-environment and install them in your certificate manager (eg: STRUST or Keystore in case of SAP).
- 2.To verify this, use T-Code STRUST from SAP and check if all the TLS certificates are added, refer https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-import-ssl-tls-certificates-in-sap
- 3.You need to verify if the Serial Number, Validity and Common Name in the Subject match as shown below.
Note: The images below reflect the information present in the current certificate as on the date of creating this document. If the certificate is updated in future, you will need to verify the details with the certificate downloaded from the provided link.
For certificate: wildcard.clear.in
For certificate: Go Daddy Intermediate:
For certificate: Go Daddy Root:
If you have multiple instances, you will have to ensure that the trust succeeds in ALL of those instances.
Note: The certificates will be renewed every year and you may have to update the same in the certificate manager (STRUST in SAP) as and when it is updated.
After the update, you may need to restart the system (not just ICM, in some cases). In the worst case, if your system Kernel is very old, you may need to upgrade the kernel as well.
If the above steps are successful then you should be able to make successful requests from all your instances to Clear 100% of the time.
If for whatever reasons, the hostname is still not trusted, then your Network team needs to check if SNI is enabled and if the cipher suites are up to date by maintaining required parameters as mentioned in https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-check-icm-settings-in-sap