HCL Connections 8.0 CR9 currently lists in its system requirements WebSphere 8.5.5 FP26 as its highest supported WebSphere version. However, I suspect that CR10 will try to support FixPack 27, which became available on April 21st. Brave companies might just update their servers with the latest fixpack, and usually that works just fine. This fixpack, however, has introduced changes in outbound TLS certificate hostname validation. What it does is if WebSphere will make a connection to https://example.acme.org, it will check if the certificate that example.acme.org returns contains my server.acme.org in either the hostname or as a subject alternative name (SAN). If it doesn’t, you’ll be greeted with a message:
This is a companion discussion topic for the original entry at https://blog.martdj.nl/2025/05/02/websphere-8-5-5-fp27-hcl-connections-beware/