Does SMP 3.0 support wildcard certificates?

Folks,

I have successfully imported a wildcard certificate and corresponding root/intermediate certificates into the keystore for an Odata service.

The endpoint resides at *.sapdemocloud.com, so my "smp_keystore.jks" should look like this:

The wildcard certificate imported looks like this:

After creating a hybrid app configuration on my local SMP 3.0 I am not able to ping the OData service residing on this site which uses wildcard certificates.

The log file tells me that SSL failed to validate the certificate:

2014 11 18 11:37:31#0-200#DEBUG#org.apache.tomcat.util.net.jsse.JSSESupport##anonymous#http-bio-8083-exec-9###Error trying to obtain a certificate from the client javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)

        at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:99)

        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:156)

        at org.apache.coyote.http11.Http11Processor.actionInternal(Http11Processor.java:256)

        at org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:848)

        at org.apache.coyote.Request.action(Request.java:346)

        at org.apache.catalina.connector.Request.getAttribute(Request.java:956)

        at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:284)

        at javax.servlet.ServletRequestWrapper.getAttribute(ServletRequestWrapper.java:120)

        .......

        at org.apache.cxf.transport.https.SSLUtils.propogateSecureSession(SSLUtils.java:555)

        at org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:374)

        at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:87)

        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:464)

        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:149)

        at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPut(AbstractHTTPServlet.java:120)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:758)

I have created a different hybrid app with the backend Odata just like explained here: Getting Started with Kapsel - Part 1 and the ping works.

Basically the same steps to create both apps were taken. The only difference is the fact that the second one uses wildcard certificates.

Which leads me into thinking that SMP 3.0 doesn't handle this type of certificate.

I am using SMP 3.0 SPS04 PL02:

Any ideas?

BR,

Ivan