mtls-server-ca-cert.pem certificate expired, can this be recovered #1688
Comments
|
LOgs from a debug implant: 2024/05/15 16:24:08 mtls.go:168: Unable to connect: x509: certificate has expired or is not yet valid: current time 2024-05-15T16:24:08+02:00 is after 2024-05-15T10:28:09Z And that is after I regenerated a mtls-implant cert on the server keeping the same private key, using the following openssl command: openssl req -x509 -new -key mtls-server-ca-key.pem -out mtls-server-ca-key-cert.pem -days 3650 And restarted the C2. Seems that the cert is embedded in the implant, and so it's a death sentence for all implants generated until now. Am I right ? |
|
Yes, it's a death sentence the certs are embedded at compile time. |
Not a bug, but a quite annoying problem.
It seems that my mtls-server-ca-cert.pem certificate expired during a very long operation.
And none of the current implants can connect (from sliver.log) to the C2:
[31mERRO^[[0m[2024-05-15T12:59:08+02:00] [sliver/server/c2/mtls.go:103] Socket read error remote error: tls: bad certificate
^[[36mINFO^[[0m[2024-05-15T12:59:53+02:00] [sliver/server/c2/mtls.go:85] Accepted incoming connection: [::1]:58088
^[[31mERRO^[[0m[2024-05-15T12:59:53+02:00] [sliver/server/c2/mtls.go:165] Socket error (read msg-length): remote error: tls: bad certificate
Is there a way to recover from this ? Either by editing sliver.db or changing the code to remove ssl validation somewhere ?
(btw for future release, a warning a few weeks before expiration would be nice)
Sliver: 1.5.39 if it matters
The text was updated successfully, but these errors were encountered: