Cloud C²
  • Cloud C² by Hak5
  • Getting Started
    • Cloud C² Basics
    • Licensing and Downloads
    • Installation and Setup
    • Adding Devices
    • Navigating the Interface
    • Managing Devices
  • Guides
    • Quick Deployment on an Amazon Lightsail VPS
    • Let's Encrypt SSL configuration and device enrollment
    • Enabling Cloud C² as a service on boot and Exfiltration
    • Cloud C² Setup with Self-Signed SSL certificates
    • Installing updates to the Cloud C² Server
    • Upgrading Cloud C² Editions
  • Troubleshooting
    • Device cannot connect to server
    • Account Recovery
  • Extras
    • Icon Sets
Powered by GitBook
On this page

Was this helpful?

  1. Guides

Cloud C² Setup with Self-Signed SSL certificates

By default when using the -https flag with the Cloud C² binary, a Let's Encrypt certificate will be used. In the case that you wish to provide a self-signed certificate, please note the following additional deployment details:

1) When generating the certificate, the Common Name must be the IP address or FQDN of the server. See this example:

Our self-signed certificate was generated like this:
(192.168.0.119 is the IP address of the machine running the Hak5 Cloud C2 server)

openssl req -newkey rsa:2048 -x509 -sha256 -days 3650 -nodes -out cert.crt -keyout cert.key

Country Name (2 letter code) [AU]:GB 
State or Province Name (full name) [Some-State]:Manchester
Locality Name (eg, city) []:Manchester
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hak5
Organizational Unit Name (eg, section) []:Developers
Common Name (e.g. server FQDN or YOUR name) []:192.168.0.119
Email Address []:shop@hak5.org

2) When provisioning the device, in addition to copying the device.config file to /etc/, the generated cert.crt must be appended to the cert.pem file in /etc/ssl/.

1) SCP the resulting cert.crt to your devices, in "/etc/ssl/certs"
2) SSH into your device
3) Execute "cd /etc/ssl"
4) Execute "cat certs/cert.crt >> cert.pem"
5) Reboot the device

The device should now successfully check-in to the Hak5 Cloud C2

3) the command line arguments should be passed in the order -hostname, -https, -keyFile and -certFile

./c2-3.2.0_amd64_linux -hostname 192.168.0.119 -https -keyFile /var/hak5c2/cert.key -certFile /var/hak5c2/cert.crt

From version 3.0.0 onward all, Cloud C² editions (Community, Edition, Teams) use the same binary. Filenames for Cloud C² will differ from example — however all parameters remain the same.

Last updated 1 year ago

Was this helpful?