I’m writing on behalf of our client.
Since the recent server certificate renewal on our side, the SdI client (source IP 217.175.55.18) fails to establish a TLS connection to our endpoint. Our gateway logs show the TLS handshake proceeding normally (TLS 1.2 negotiated, compatible cipher suites available) until the server certificate is presented, at which point your client aborts the handshake with TLS fatal alert 42 (bad_certificate). This means that the SdI client is actively rejecting the new server certificate. No HTTP request ever reaches the application layer.
The server certificate was renewed and now has the following properties:
- Subject: CN=xxx
- Issuer: Sectigo Public Server Authentication CA DV R36 (C=GB, O=Sectigo Limited)
- Valid: May 4, 2026 – November 18, 2026
- SHA-1 fingerprint: xxx
- Key: RSA 2048, sha256WithRSAEncryption
All other clients connect without issues, which indicates the problem seems to be related to the SdI TLS client configuration.
Any hints are really appreciated. We tried to get in touch with the SdI but have not really been successful yet.
Best regards
Gerald