Here is a trivia question for any ssh/ssl experts. In our corporate office we have a JMS app (Tibco EMS) running on a server behind a firewall which blocks most ports.

I can ssh into this server but cannot send messages to the JMS app because the port isn't open. So, using PuTTY, I created an ssh tunnel to the server so that instead of sending messages to ssl://theserver:1234 I send messages to ssl://localhost:1234.

Strangely, I can log in to the admin console using the ssl://localhost:1234 URL. But when I try to send messages to ssl://localhost:1234 I get errors stating that it can't connect to ssl://theserver:1234. I'm not sure how it got the 'theserver' hostname; my guess is that the hostname is in the ssh certificate file (?) and it grabbed it from there.

But anyway, does anyone know the solution to this? How can I tunnel into a server and tell the client to ignore the hostname in the certificate file and just use localhost?

And I know the easy answer is to open up the port, but there are typical corporate IT security concerns such that they won't allow it.

+1  A: 

I'm pretty sure that name does not come from the certificate. As far as I understand Tibco, you should have a daemon process rvd or rvrd (or some sort of agent process) somewhere - either on the server, or on both the client and the server. Look for configuration files for these. Chances are that the name comes from one of these files.

Nikolai N Fetissov