So apparently I’m a muppet, I spent a while doing some digging around in disassemblies of the client and server components, only to discover that the certificate file I dropped onto the KVM was in the wrong format…

So, I grabbed another copy, renamed the files appropriately and restarted the webserver, lo and behold it came up and is now presenting the correct certificate. Hallelujah.

Next step, convince it to use that cert for the actual KVM bits, easy enough, copy webserver.crt and webserverkey.pem to dserver.crt and dserverkey.pem respectively, restart kleserver, comes up and all is happy, now it’s time to connect to the KVM using their viewer…

IP Viewer SSL Error

Holy crap, they actually validate certs… OK, need to fix that…

There’s a “Trust” directory under the client which presumably is where you’re supposed to shove this stuff, but it’s undocumented and I can’t be bothered reversing that part of things. No matter, there’s a file called “droot.crt” sitting in the client directory, sounds promising, replace that with fullchain.pem from the Let’s Encrypt cert, still not happy, for some reason it appears that the “fullchain” from LE isn’t actually the full chain, it only contains the intermediate CA, evidently we need the whole chain, go dig up a PEM for “DST Root CA X3”, throw it into the droot.crt file, try again, et voilà it works! I’ll have to cook up an automatic update mechanism still, but for the moment, that’ll do.

Next thing I want to do for this is to replace their shitty client with something that sucks less…