Question around accessing web targets

@coguy450 - This is curl (the forked process that underpins connect http), saying there’s no alternative name for localhost in the TLS certificate. You have several options on the command line:

  1. Add the alternative name to the certificate on the target host
  2. Pass the -scheme and -host flags to connect http:
     boundary connect http -scheme https -host <domain_name> -target-id ttcp_1234567890
  3. Tell curl to skip certificate verification using -k:
     boundary connect http -target-id ttcp_1234567890 -- -k

Here’s an example of proxying Google over Boundary (a somewhat similar situation to the one you’re in, given that it’s HTTPS over a TCP proxy):

For this example, I updated the following on the default dev target:

  1. Set max_connections to -1
  2. Set default_port to 443
  3. Set the target host address to google.com.

On the command line:

$ boundary connect http -scheme https -host google.com -target-id ttcp_1234567890 -- -L
<truncated>
* Connected to www.google.com (127.0.0.1) port 54265 (#1)

Note that I passed -L in this example to follow the redirects.

And for the browser use-case:

Make your browser believe localhost is in fact the remote domain you’re accessing over the proxy by setting it in /etc/hosts:

$ cat /etc/hosts
127.0.0.1 google.com

Then run a simple connect session to start a proxy session:

boundary connect -target-id ttcp_1234567890

Proxy listening information:
  Address:             127.0.0.1
  Connection Limit:    -1
  Expiration:          Thu, 29 Oct 2020 22:58:45 PDT
  Port:                54049
  Protocol:            tcp
  Session ID:          s_KQbPFnkXpu

Then, open a browser to the domain name you’re overriding in /etc/hosts but with the proxy port (don’t forget to use https://):

[Screenshot]

You’ll also notice the certificate is verified:

[Screenshot]

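Added example, not part of the original post or of Boundary: a Python sketch of what the -host flag and the /etc/hosts override achieve, which is to dial the local proxy listener while sending SNI for, and verifying the certificate against, the real domain, so verification stays on instead of being skipped with -k. The function names, the simplified SAN matcher (not the full RFC 6125 rules) and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS subjectAltName entries from a dict shaped like SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def cert_covers(cert, hostname):
    """True if any DNS SAN in the certificate covers hostname."""
    return any(name_matches(san, hostname) for san in san_dns_names(cert))


def connect_via_proxy(listen_port, server_name, listen_addr="127.0.0.1", timeout=5.0):
    """TCP-connect to the local proxy listener, but send SNI for and verify
    the certificate against server_name (verification stays enabled)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((listen_addr, listen_port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            return tls.version(), san_dns_names(tls.getpeercert())


# Constructed sample in getpeercert() format (not captured from a real server).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
}

if __name__ == "__main__":
    # "localhost" is not covered, which is the mismatch curl reports.
    for name in ("localhost", "www.example.com", "v1.api.example.com"):
        print(name, cert_covers(SAMPLE_CERT, name))
    # With a live session such as the one in the post:
    #   connect_via_proxy(54049, "google.com")
```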