Talend · yyin-talend · Jan 15, 2026 · Dec 8, 2025 · Dec 19, 2025 · Dec 25, 2025
diff --git a/vault-client/src/main/java/org/talend/sdk/components/vault/client/VaultClientSetup.java b/vault-client/src/main/java/org/talend/sdk/components/vault/client/VaultClientSetup.java
@@ -49,6 +49,7 @@
 import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.client.WebTarget;
 
+import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.talend.sdk.components.vault.configuration.Documentation;
 
@@ -190,15 +191,22 @@ private ClientBuilder createClient(final ExecutorService executor, final Optiona
             final Optional<String> keystoreType, final String keystorePassword, final Optional<String> truststoreType,
             final List<String> serverHostnames) {
         final ClientBuilder builder = ClientBuilder.newBuilder();
+        final DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier();
         builder.connectTimeout(connectTimeout, MILLISECONDS);
         builder.readTimeout(readTimeout, MILLISECONDS);
         builder.executorService(executor);
         if (acceptAnyCertificate) {
             builder.hostnameVerifier((host, session) -> true);
             builder.sslContext(createUnsafeSSLContext());
-        } else if (keystoreLocation.isPresent()) {
-            builder.hostnameVerifier((host, session) -> serverHostnames.contains(host));
-            builder.sslContext(createSSLContext(keystoreLocation, keystoreType, keystorePassword, truststoreType));
+        } else {
+            if (keystoreLocation.isPresent()) {
+                builder.hostnameVerifier(hostnameVerifier);
+                builder.sslContext(createSSLContext(keystoreLocation, keystoreType, keystorePassword, truststoreType));
+            } else {
+                log.info("TCK vault-client doesn't explicitly define the keystore location. Please configure " + 
+                         "'talend.vault.cache.client.vault.certificate.keystore.location' and " +
+                         "'talend.vault.cache.client.vault.certificate.keystore.type' to define it explicitly.");
+            }
         }
         providers.map(it -> Stream.of(it.split(",")).map(String::trim).filter(v -> !v.isEmpty()).map(fqn -> {
             try {