Thursday, February 9, 2012

Metasploit's SSL giving you the alkjblkjalksjdf.org blues?

So you've developed your awesome, passive 0-day exploit module in Metasploit. 100 out of 100 throws and every time it succeeds. Sweet! But wait a tick, what's this? Looking at the SSL handshake you find that Metasploit's auto-generated SSL certificate is less than optimal. What? Waddya mean adkljablkj1kljadsf.com is going to set off red flags for your unsuspecting victim?

Easy enough, let's just change the SSL cert that's presented in the server's handshake. While you'd think this is a straightforward config value, it turns out the implementation is a little roundabout.

First, since the exploit is running as a server, there's a corresponding Metasploit service that handles the incoming connections. This object is controllable by the exploit module, but adjusting it in the exploit method is too late, since by then we're already connected to a potential victim. During setup of the service, an exploit module is given an opportunity to configure things before the server goes "live". This is handled in the prime method.
def prime
  # Build the SSL context the listener will present instead of Metasploit's
  # auto-generated certificate; the cert/key paths here are placeholders
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = OpenSSL::X509::Certificate.new(File.read('/path/to/cert.pem'))
  ctx.key  = OpenSSL::PKey::RSA.new(File.read('/path/to/key.pem'))
  service.listener.sslctx = ctx
end
This will be invoked before the server starts accepting connections, giving your exploit a chance to be more stealthy.
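Seen from the defending side, the very thing the post is working around (the default certificate's random-looking subject CN) is also what makes such a listener stand out in TLS logs. The script below is an added example, not code from this post or from Metasploit: it uses Ruby's OpenSSL bindings to build a constructed self-signed certificate with a gibberish CN of the kind quoted above, extracts the CN, and scores it with a simple vowel-ratio / consonant-run heuristic. The helper names, the thresholds and the sample hostnames are all assumptions made for the example.

```ruby
require 'openssl'

VOWELS = 'aeiouy'.freeze

# Return the label just left of the TLD (e.g. "alkjblkjalksjdf" for
# "alkjblkjalksjdf.org"), which is where generated names put their entropy.
def host_label(host)
  labels = host.to_s.downcase.split('.')
  return (labels.first || '') if labels.size <= 1
  labels[-2]
end

# Crude lexical features of a DNS label; machine-generated labels tend to be
# long, vowel-poor and full of consonant clusters that no language produces.
def label_features(label)
  letters = label.scan(/[a-z]/)
  vowel_count = letters.count { |c| VOWELS.include?(c) }
  vowel_ratio = letters.empty? ? 0.0 : vowel_count.to_f / letters.size
  # longest run of consonant letters; digits and hyphens break a run
  longest_run = label.scan(/[b-df-hj-np-tv-xz]+/).map(&:length).max || 0
  { length: label.length, vowel_ratio: vowel_ratio, longest_consonant_run: longest_run }
end

# Thresholds are assumed values tuned only against the constructed samples below.
def suspicious_label?(label, min_length: 10, max_vowel_ratio: 0.25, max_consonant_run: 5)
  f = label_features(label)
  f[:length] >= min_length &&
    (f[:vowel_ratio] < max_vowel_ratio || f[:longest_consonant_run] >= max_consonant_run)
end

# Pull the CN out of a certificate's subject, apply the label heuristic and
# note whether the certificate is self-signed (issuer equals subject).
def assess_certificate(cert)
  cn_entry = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  cn = cn_entry ? cn_entry[1] : ''
  label = host_label(cn)
  {
    cn: cn,
    self_signed: cert.issuer.to_s == cert.subject.to_s,
    random_looking_cn: suspicious_label?(label),
    features: label_features(label)
  }
end

# Constructed sample: a throwaway self-signed certificate with the given CN,
# standing in for the kind of auto-generated certificate the post describes.
def sample_certificate(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if $PROGRAM_NAME == __FILE__
  # Constructed hostnames: two gibberish names like those quoted in the post
  # and two ordinary ones for contrast.
  %w[alkjblkjalksjdf.org adkljablkj1kljadsf.com www.example.com stackoverflow.com].each do |cn|
    r = assess_certificate(sample_certificate(cn))
    puts format('%-26s self_signed=%-5s random_looking_cn=%-5s vowel_ratio=%.2f run=%d',
                cn, r[:self_signed], r[:random_looking_cn],
                r[:features][:vowel_ratio], r[:features][:longest_consonant_run])
  end
end
```

The heuristic is deliberately cheap and will misfire on short or consonant-heavy legitimate names, which is why it only scores labels of ten or more characters and why it is meant to be combined with the other signals a TLS inspection point already has (self-signed issuer, untrusted chain, a validity window that starts minutes ago) rather than used on its own.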
