OpenLiberty · ramkumar-k-9286 · Sep 6, 2024 · Sep 6, 2024
diff --git a/modules/ROOT/pages/troubleshooting.adoc b/modules/ROOT/pages/troubleshooting.adoc
@@ -273,6 +273,7 @@ Exception thrown while trying to read configuration and update ManagedServiceFac
 This error occurs when a keystore element exists in the configuration without an ID field.
 If you use a minimal TLS configuration, set the `ID` field to `defaultKeyStore`.
 
+[#hostverify]
 === You receive the CWPKI0824E message that SSL handshake failure due to hostname verification error
 
 If you try to access a URL, you might see the following message.

diff --git a/modules/reference/pages/feature/transportSecurity/examples.adoc b/modules/reference/pages/feature/transportSecurity/examples.adoc
@@ -172,11 +172,25 @@ cert_defaultKeyStore="-----BEGIN CERTIFICATE-----
 [#hostverify]
 === Hostname and IP address verification
 
-In Open Liberty, hostname and IP address verification are enabled by default. This verification is enforced for target servers in all SSL connections through Open Liberty socket factories. However, you can specify a list of hostnames, IP addresses, or both to skip verification.
+Hostname and IP address verification are enabled by default. This verification is enforced for target servers in all SSL connections through Open Liberty socket factories. However, you can specify a list of hostnames, IP addresses, or both to skip verification.
+
+To disable hostname verification entirely, set the `verifyHostname` attribute within the `ssl` tag to `false`.
+
+[source,xml]
+----
+<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" verifyHostname="false"/>
+----
+
+When hostname verification is enabled, you can skip verification for hostnames or IP addresses that are specified in the `skipHostnameVerificationForHosts` attribute within the `ssl` tag.
+
+[source,xml]
+----
+<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" skipHostnameVerificationForHosts="myHost.com"/>
+----
 
 The verification makes sure that the hostname or IP address in the URL matches the Subject Alternative Name (SAN) in the SSL certificate of the server. If the SAN is not found, the property makes sure that the hostname in the URL matches the Common Name (CN). If a mismatch exists, the SSL connection is rejected.
 
-Typically, during hostname verification, when the hostname is used in the request, it checks against the DNSName entry in the SAN. If the SAN does not contain a DNSName entry, hostname verification uses the certificate owner's common name (CN). When an IP address is used in the request, hostname verification relies on the IP address information in the SAN only.
+Typically, during hostname verification, when the hostname is used in the request, it checks against the `DNSName` entry in the SAN. If the SAN does not contain a `DNSName` entry, hostname verification uses the certificate owner's Common Name (CN). When an IP address is used in the request, hostname verification relies on the IP address information in the SAN only.
 
-For more information, see xref:pages/troubleshooting.adoc#Troubleshooting_SSL[Troubleshooting SSL and TLS] 
+For more information, see xref:ROOT/troubleshooting.adoc#Troubleshooting_SSL[Troubleshooting SSL and TLS]