How to check if hostname is trusted?

Once you have made sure that all the hostnames are reachable on port 443, you can move on to the next step to verify if the hostname is trusted by your system.

1. To make sure your ERP trusts Clear hostnames, download the production TLS certificates (all of host certificate, intermediate certificate(s) and root certificate) from https://docs.cleartax.in/cleartax-docs/clear-finance-cloud/cfc-api-reference#2.-production-environment and install them in your certificate manager (eg: STRUST or Keystore in case of SAP).

2. To verify this, use T-Code STRUST from SAP and check if all the TLS certificates are added, refer https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-import-ssl-tls-certificates-in-sap

3. You need to verify if the Serial Number, Validity and Common Name in the Subject match as shown below.

For certificate: wildcard.clear.in

For certificate: Go Daddy Intermediate:

For certificate: Go Daddy Root:

To verify if the connection is successful refer https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-test-connectivity-in-sap

If you have multiple instances, you will have to ensure that the trust succeeds in ALL of those instances.

After the update, you may need to restart the system (not just ICM, in some cases). In the worst case, if your system Kernel is very old, you may need to upgrade the kernel as well.

If the above steps are successful then you should be able to make successful requests from all your instances to Clear 100% of the time.

If for whatever reasons, the hostname is still not trusted, then your Network team needs to check if SNI is enabled and if the cipher suites are up to date by maintaining required parameters as mentioned in https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-check-icm-settings-in-sap