turtle-one
Posted February 20, 2022

Hey guys,

I set up a Cloud C2 on a VPS Server with SSL. Everything seems to be fine. The certificate is from ZeroSSL, just in case it matters. The firewall is configured (Port 80, 443 and 2022 TCP are inbound open), netstat says:

    netstat -nlp | grep c2-
    tcp6 0 0 :::2022 :::* LISTEN 2059/./c2-3.1.2_amd
    tcp6 0 0 :::80 :::* LISTEN 2059/./c2-3.1.2_amd
    tcp6 0 0 :::443 :::* LISTEN 2059/./c2-3.1.2_amd

Any idea why my devices won't connect (last seen: never)? Are there any logs to check?

Thanks...

dark_pyrro
Posted February 20, 2022

Are you starting the C2 server with those certs as parameters? Have you created device.config files for your devices when the C2 server is running with the correct cert? The cert perhaps needs to be available on the devices as well (public key).

turtle-one (Author)
Posted February 20, 2022

I'm starting the server with the following command and parameters:

    sudo ./c2-*_amd64_linux -hostname <my-domain-name> -https -keyFile /home/as/cert/private.key -certFile /home/as/cert/certificate.crt

After starting the server I created the device.config and put it on my LAN Turtle in /etc. Then I called

    root@turtle:/etc# C2DISCONNECT
    Device Disconnected From C2

and

    root@turtle:/etc# C2CONNECT
    sshd already running
    warning: commands will be executed using /bin/sh
    job 5 at Sun Feb 20 15:23:00 2022

but the device is not online. Where should I put the cert on the turtle?

turtle-one (Author)
Posted February 20, 2022

In /var/cc-client-error.log I found this:

    [1645371105 !ERR CURL ] Error posting update to server...
    [1645371105 !ERR INITSYNC ] Error in startup sync post
    [1645371105 !ERR MAIN ] Device startup sync failed. Retrying...

What could that mean?

dark_pyrro
Posted February 20, 2022

Try to append the cert info to the cert.pem file in /etc/ssl/

turtle-one (Author)
Posted February 20, 2022

Good idea... I merged both the certificate.crt and the ca_bundle.crt (called it ssl_bundle.crt) and restarted the server. The device came up and started syncing immediately. So I guess it was a certificate chain thing.

Thanks dark_pyrro - great support.

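A check for the failure resolved above, added here as an example (not code from the thread or from Cloud C2): it reads the PEM file passed as -certFile and reports whether it holds only the leaf certificate or a leaf-first chain, by comparing each certificate's issuer with the next one's subject. The function names are hypothetical, and LEAF and CA_BUNDLE are constructed DER skeletons standing in for certificate.crt and ca_bundle.crt, not real signed certificates.

```python
import base64, re
def pem_certs(text):
    """DER bytes of each certificate block in a PEM file, in file order."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", text, re.S)
    return [base64.b64decode("".join(b.split())) for b in blocks]

def tlv(buf, pos):
    """Read the DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER issuer and subject Names from an X.509 certificate."""
    _, pos, _ = tlv(der, 0)                 # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)               # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version field
    fields = []
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_cert_file(text):
    """Classify the certificates a server would send from this -certFile."""
    names = [issuer_subject(d) for d in pem_certs(text)]
    if not names:
        return "no certificate"
    for (issuer, _), (_, next_subject) in zip(names, names[1:]):
        if issuer != next_subject:          # byte comparison, a simplification of RFC 5280 name matching
            return "wrong order"
    if len(names) == 1 and names[0][0] != names[0][1]:
        return "leaf only"                  # issuer certificate missing, as in the thread
    return "ok"

def enc(tag, body):
    return bytes([tag, len(body)]) + body   # short-form DER length, enough for the samples
def sample_pem(issuer, subject):
    """Constructed input: a DER skeleton with the X.509 field order, not a real certificate."""
    name = lambda cn: enc(0x30, enc(0x0C, cn.encode()))
    tbs = enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"") \
        + name(issuer) + enc(0x30, b"") + name(subject)
    b64 = base64.encodebytes(enc(0x30, enc(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"
LEAF = sample_pem("Sample Intermediate", "c2.example.test")   # stands in for certificate.crt
CA_BUNDLE = sample_pem("Sample Root", "Sample Intermediate")  # stands in for ca_bundle.crt
```
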