The procedure worked correctly; luckily I had a week or two to deploy the new configuration to the clients, otherwise, with certificate pinning and the CA change, a loss of connection with all clients would have been guaranteed.


Be careful with the certificate bundle...

Too bad, no response.
So I'll answer myself (it might be useful to someone else).

My plan:

I'm going to try deploying a package that disables pinning (verify_cert = 1) on clients.
Since the certificates aren't self-signed, I'll keep a valid SSL encryption...

It's definitely more secure with client certificates.

In a community setting, to further enhance security, you can also filter communications based on the websites' IP addresses (provided they are static), and require a password during the initial installation of the WAPT client.

I just wanted to say that...

Hello,

this is the type of configuration we use in the Community edition and it works without any problems.

We have several workstations spread across thirteen sites that contact a server via the internet. The connection is made from the workstation to the server.
The data flow between the workstations and the server is encrypted...

Hello,

my SSL certificate on my WAPT server is about to expire.
Due to a change of provider, the new certificate I obtained is not issued by the same certificate authority as the first one (generated two years ago).

How do I deploy this new certificate on...