If an SSL certificate's name must match the name entered into the browser, what do you do with SSH Local Port Forwarding?
add tag
leeand00 
If the SSL certificate must match the name entered into the browser; what if the name entered into the browser is `https://localhost:8080`, in the case of accessing a server that is behind an SSH gateway; and is accessed via Local Port Forwarding?

Should I instead on the client add a name/ip pair to `/etc/hosts`, make my certificate the same name and then enter `https://forwarded-server-beyond-ssh-gw:8080` to access it over SSL?

I realize it might be a little bit overkill to encrypt the tunnel and then encrypt the https request too, but if someone gets into my DMZ they'd be able to see the traffic there on the DMZ subnet, so it's probably idea to do it anyway.
comments
transcript

Enter question or answer id or url (and optionally further answer ids/urls from the same question) from

Separate each id/url with a space. No need to list your own answers; they will be imported automatically.