The default TLS certificate that a Gitblit installation creates have "localhost" as the CN and no SubjectAlternativeNames. With Java 8+ this can be a problem for federation that uses HTTPS. Java will by default do a hostname verification now, which means that the pull over HTTPS will fail since the hostname in the URL will most likely not be in the certificate.
While this can be fixed by the user by issuing new certificates with Gitblit's authority that use the actual hostname, it would be nice if the default certificates could be more useful. If the default certificates already had the hostname and the host's IP address in them, then they would cover more use cases.
The default TLS certificate that a Gitblit installation creates have "localhost" as the CN and no SubjectAlternativeNames. With Java 8+ this can be a problem for federation that uses HTTPS. Java will by default do a hostname verification now, which means that the pull over HTTPS will fail since the hostname in the URL will most likely not be in the certificate.
While this can be fixed by the user by issuing new certificates with Gitblit's authority that use the actual hostname, it would be nice if the default certificates could be more useful. If the default certificates already had the hostname and the host's IP address in them, then they would cover more use cases.