Update webTarget disableCNCheck documentation to clarify two-layer hostname verification requirement (Liberty 24.0.0.9+)

[anagha-paulson]

Change the description of disableCNCheck in
https://www.ibm.com/docs/en/was-liberty/base?topic=configuration-webtarget

as below

Disables the Common Name Check. Valid values are true or false. This is equivalent to the com.ibm.ws.jaxrs.client.disableCNCheck programmatic property.

Note: Starting with Liberty 24.0.0.9 (APAR PH58796), this setting only disables JAX-RS layer hostname verification. To completely disable hostname verification, configure both:
• Set disableCNCheck="true" on <webTarget>
• Set verifyHostname="false" OR skipHostnameVerificationForHosts on the <ssl> configuration referenced by sslConfig

See the sslConfig parameter and IBM Support Document 7163230 for details.

[ramkumar-k-9286]

Hi @anagha-paulson

I believe this update needs to be made in WL.

You would need to create the issue here: (https://github.ibm.com/websphere/liberty-docs/issues)

Is there any change in this regard, that needs to be made to OL. If so, you can add that to this issue.

Else, you can create an issue in WL github and delete the issue here.

Regards,
Ramkumar

[anagha-paulson]

Hi @anagha-paulson

I believe this update needs to be made in WL.

You would need to create the issue here: (https://github.ibm.com/websphere/liberty-docs/issues)

Is there any change in this regard, that needs to be made to OL. If so, you can add that to this issue.

Else, you can create an issue in WL github and delete the issue here.

Regards, Ramkumar

Okay Thankyou So much, please check https://github.ibm.com/websphere/liberty-docs/issues/4620

[anagha-paulson]

Please check 4620