I already read the guide: https://docs.hak5.org/hc/en-us/articles/360049664554-Cloud-C2-setup-with-self-signed-SSL-certificates
But, I don't use a self signed SSL certificate!
I am using a standard wilcard one delivered by my an Internet Provider for "myDomain" and all first level subdomains "*.myDomain.tld".
(My certificate is signed by a certification authority…)
To have this certificate, the procedure is :
I un the "openssl" command line, like a self signed SSL certificate guide… using "-out cert.csr" instead "-out cert.cst" and *.myDomain.tld" as FQDN.
I send "cert.csr" file to the SSL certification department of an Internet provider of mine (and pay the bill! 🙂).
On the one hand, the SSL certification department give me a fingerprint to add in a CNAME record of the myDomain.tld DNS server.
On the other and, the SSL certification department send me the signed certificate ("cert.crt") and another file: an intermediate certificate called "ProviderStandardSSLCA2.pem".
Writing these lines, I remember that, in the self signed SSL certificates guide, you run the "cat certs/cert.crt >> cert.pem" command line… 💡
… and remember that :
On the VPS, the certificate (.crt) and intermediate certificate (.pem) don't share the same radical name!
root@vps:~# cd /path/to/certs
root@vps:/path/to/certs# ln -s ProviderStandardSSLCA2.pem myFile.pem
root@vps:/path/to/certs# systemctl restart cloudc2.service
On the Pineapple device, I forget the cert.pem file! So, I do the following sequence:
Copy (scp) the ProviderStandardSSLA2.pem to my PineApple device, in "/etc/ssl/".
Connect (ssh) to the device :
root@PineappleTetra:~# cd /etc/ssl
root@PineappleTetra:/etc/ssl# cat ProviderStandardSSA2.pem >> cert.pem
root@PineappleTetra:/etc/ssl# rm ProviderStandardSSA2.pem
Generate and download a new "device.config" from Cloud C² server.
Upload (scp) the "device.config" to my PineApple device, in "/etc/" and reboot it.
AND 🥁 THE PINEAPPLE IS CONNECTED!
Thanks very much for you, Foxtrot and chizree The exchanges with you are a great help. 👍👍👍