https without Let´s encrypt ? Own Cert / WAF / Proxy

[BeNe]

Hi,

is there a way to enable https without the ACME (Let´s Encrypt) Client ? Like with an own Cert or with a WAF/Proxy in Front of the C2 Server ?

I have a OPNsense Firewall in front of my Network with an HAProxy that holds all needed Certs for my DNS entries. Also the the valid Cert for my C2 Public DNS. So i don´t need/can´t run the C2 Server in https itself since the acme client is unable to get a cert. BUT the Client´s should connect via a secure tunnel to my OPNSense Firewall and get redirected interal to the C2 Server.

But it looks like that the client doesn´t understand the https traffic, if the server itself doesn´t run in https mode. Maybe there is a flag missing in the config for https ?!

I start the Server with:

root@hak5c2:~/community# ./c2_community-linux-64 -hostname "c2.my-domain.tld" -listenport 80
[*] Initializing Hak5 Cloud C2
[*] Running Hak5 Cloud C2

With the HAProxy in front of the C2 that already holds the needed SSL-Cert, i´m able to connect via https to the C2 Server without any Error. I see the login screen.

https://c2.my-domain.tld

But, none client is able to connect this way. Are there any logs on the Pineapple for example for the C2 connect ?

Thanks for any help!

[Sebkinne]

Hi BeNe,

Currently you are not going to be able to run the server in HTTPS mode with custom certificates / without the ACME client. An option allowing this is currently in the works.

If you wanted to run the Hak5 C2 Server behind a reverse proxy (with SSL or without), we will need to add an option to override the C2 URL which the clients use, as this is currently done automatically and would break the client configuration. This is also something currently in the works.

Both of these configurations will be available in the near future.