Keycloak Truststore for ldaps with hostname-verification-policy = ANY still fails “No subject alternative names” matching

Question

I have create a truststore.jks containing my CA certificate and added the SPI to standalone-ha.xml as follows:

The keystore is loaded correctly and I can check it