Question around accessing web targets

@coguy450 - This is curl (the forked process that underpins connect http), saying there’s no alternative name for localhost in the TLS certificate. You have several options on the command line:

  1. Add the alternative name to the certificate on the target host
  2. Pass the -scheme and -host flags to connect http:
boundary connect http -scheme https -host <domain_name> -target-id ttcp_1234567890
  1. Tell curl to skip certificate verification using -k:
boundary connect http -target-id ttcp_1234567890 -- -k

Here’s an example of proxying Google over Boundary (somewhat similar situation you’re in being that it’s HTTPS over a TCP proxy):

For this example, I updated the following on the default dev target:

  1. Set max_connections to -1
  2. Set default_port to 443
  3. Set the target host address to

On the command line:

$ boundary connect http -scheme https -host -target-id ttcp_1234567890 -- -L
* Connected to ( port 54265 (#1)

Note that I passed -L in this example to follow the redirects.

And for the browser use-case:

Make your browser believe localhost is in fact the remote domain you’re accessing over the proxy by setting it in /etc/hosts:

$ cat /etc/hosts

Then run a simple connect session to start a proxy session:

boundary connect -target-id ttcp_1234567890

Proxy listening information:
  Connection Limit:    -1
  Expiration:          Thu, 29 Oct 2020 22:58:45 PDT
  Port:                54049
  Protocol:            tcp
  Session ID:          s_KQbPFnkXpu

Then, open a browser to the domain name you’re overriding in /etc/hosts but with the proxy port (don’t forget to use https://):

Screen Shot 2020-10-29 at 2.48.33 PM

You’ll also notice the certificate is verified:

Screen Shot 2020-10-29 at 2.48.50 PM