3

I have several (web) servers set up in various different locations I can SSH to, using port forwarding to work with them pointing my Firefox to https://localhost:443/application (I use ssh user@server -L 443:localhost:443 to connect). Each server was set up with a different self-signed certificate (generated during server setup) which doesn't matter to me - there needs to be no real security involved. However depending on which server I'm connected to, my Firefox will always display a security warning after connecting to a different server. Sharing one certificate for all servers is not an option. Using different ports for each is also no option. Using http is no option as well.

Is there any way to tell Firefox to accept all certificates on localhost (and only on localhost!) without reconfirmation, even if they change?

1 Answer

2

No, I don't think so. localhost isn't treated any differently to any other hostname. So you accept an exception for a specific circumstance: hostname+certificate.

If the certificate changes for a domain name, the exception no longer applies, and so you'll get prompted.

What you might want to consider is adding different host names to your /etc/hosts file:

127.0.0.1               localhost server1 server2 server3 server4

Then for each of the forwarded hosts, you would use https://server1 or https://server2 etc. These would still point to 127.0.0.1, but with a different hostname.

Then you could accept an exception for each one.

5
  • I had already tried the hostname workaround. It works, but it doesn't allow me to simply bookmark localhost/app which would be far more convenient. I had hoped Firefox had a "list of hostnames to ignore certificates for" somewhere.
    – BennyInc
    Commented Dec 27, 2011 at 8:29
  • @BennyInc I don't follow - how is localhost/app more convenient to bookmark than app or server1/app?
    – Paul
    Commented Dec 27, 2011 at 8:33
  • I have several servers I run this app on - so I'd only have to use the one localhost/app for each one, deciding which to use by choosing which server I tunnel to. Using several bookmarks would double the effort again, as I need to ssh into the correct one anyway but then would also have to select the correct bookmark.
    – BennyInc
    Commented Dec 27, 2011 at 10:25
  • @BennyInc Aah, I see. You could pull this off with something like apache + ProxyPass, but it goes against the security fundamentals for a browser, so I don't think it is possible. Perhaps someone will happen along with a better answer.
    – Paul
    Commented Dec 27, 2011 at 12:06
  • As no one came up with a better answer for now, I've accepted yours. While it's not ideal for my situation, it might help others with similar issues.
    – BennyInc
    Commented Jan 4, 2012 at 15:05
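
The hosts-file workaround from the answer above, as an added example that is not part of the original post: before opening the forward it checks that the alias really maps only to a loopback address, so each stored exception stays tied to one hostname and one server's certificate. The helper names `sample_hosts`, `alias_is_loopback` and `tunnel`, and the sample hosts entries, are constructed for illustration.

```bash
# Added example. sample_hosts, alias_is_loopback and tunnel are hypothetical helper names.

# Constructed sample hosts file: the answer's aliases plus two bad entries.
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost server1 server2   # aliases as in the answer
::1         localhost
192.0.2.10  server3                     # constructed: not loopback
127.0.0.1   server4
192.0.2.11  server4                     # constructed: conflicting entry
EOF
}

# Succeeds only if NAME is listed in HOSTS_FILE and every line that lists it
# has a loopback address (127.0.0.0/8 or ::1).
alias_is_loopback() {
    local hosts_file="$1"
    local name="$2"
    awk -v name="$name" '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # skip blank lines
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) {
                    seen = 1
                    if ($1 !~ /^127\./ && $1 != "::1") bad = 1
                }
        }
        END { exit !(seen && !bad) }
    ' "$hosts_file"
}

# Opens the question's port forward for one server, but only after the alias
# check passes. Usage: tunnel server1 user@server [hosts_file]
tunnel() {
    local name="$1"
    local ssh_target="$2"
    local hosts_file="${3:-/etc/hosts}"
    if ! alias_is_loopback "$hosts_file" "$name"; then
        echo "refusing: $name is not a loopback-only alias in $hosts_file" >&2
        return 1
    fi
    echo "browse to https://$name/application and store its exception" >&2
    ssh -N -L 443:localhost:443 "$ssh_target"
}
```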
