I've got a PHPMyAdmin installation set up, but accessible only via localhost. This means that to access the URL, I need to set up an SSH tunnel before I access the URL.
When I do so, however, I get a warning saying that the SSL connection is unsafe because the certificate is not valid (my domain has a valid certificate). Is it safe to bypass this, considering I have many users who will be accessing the URL via SSH tunnel?
If it is not, what do I have to do to rectify this issue?
It's fairly common.
You can't get a certificate for localhost, so you either have to use a real public hostname, not use SSL, or accept the certificate warning.
Accepting the certificate warning is the easiest - but it does get people into a bad habit of just accepting certificate errors where they aren't expected and might be a real sign of something wrong.
Not using SSL for this would be fine - the data over the internet will already be encrypted by the SSH tunnel. So you could just switch to using HTTP for it without much issue and no certificate warnings.
Or you can skip the SSH tunnel and make it accessible publicly, at a password protected directory of your regular URL. If you do that, avoid using the default /phpmyadmin since people scan for that constantly. Putting it at a randomly generated is better. This might be slightly less secure than requiring an SSH tunnel, but its also easier for people to use. And it'll be protected by both your webserver's login prompts and phpmyadmin's, so even if there were a flaw in one, the other should still protect it.
