Hello,
I do have the old certificate in /opt/wapt/waptserver/ssl/.
You need to move the existing key:
`mkdir /root/oldkey` OK
`mv /opt/wapt/waptserver/ssl/key.pem /root/oldkey/` OK
`mv /opt/wapt/waptserver/ssl/cert.pem /root/oldkey/` OK
Restart postconf:
`/opt OK
Save the new key:
`mkdir /root/new` `
OK `mv /opt/wapt/waptserver/ssl/key.pem /root/new/ OK
root/new/` OK
Replace the old certificate
: `mv /root/oldkey/key.pem /opt/wapt/waptserver/ssl/` OK
mv /root/oldkey/cert.pem /opt/wapt/waptserver/ssl/` OK `
systemctl restart nginx` OK
Now you can Retrieve the public key:
cat /root/new/cert.pem /opt/wapt/waptserver/ssl/cert.pem >
/root/srvwapt.mydomain.lan.crt OK
Retrieve the file /root/srvwapt.mydomain.lan.crt and place/replace
the one in C:\Program Files (x86)\wapt\ssl\server\srvwapt.mydomain.lan.crt OK
You can now generate a new agent (which will therefore contain the
new file srvwapt.mydomain.lan.crt) OK
When I run the command wapt-get update on the machine where I deployed the new agent, the SubjectAltNameWarning warning is still present.
[SOLVED] SubjectAltNameWarning
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
olaplanche
- Messages: 178
- Registration: January 26, 2017 - 11:11
- Installed WAPT version: 2.6.0.16795 Enterprise
- Server OS: Linux / Debian Bookworm
- Administration/package creation machine OS: Windows 10
- Server OS: Linux / Debian Bookworm
- Administration/package creation machine OS: Windows 10
-
olaplanche
- Messages: 178
- Registration: January 26, 2017 - 11:11
FYI: if I edit the new .crt file, I do indeed have the new and old certificates:
-----BEGIN CERTIFICATE-----
blablabla
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blablablabla
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blablabla
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blablablabla
-----END CERTIFICATE-----
- Installed WAPT version: 2.6.0.16795 Enterprise
- Server OS: Linux / Debian Bookworm
- Administration/package creation machine OS: Windows 10
- Server OS: Linux / Debian Bookworm
- Administration/package creation machine OS: Windows 10
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Yes, so that's normal;
the end of the procedure is missing:
The following operations should only be performed if the new file
C:\Program Files (x86)\wapt\ssl\server\srvwapt.mydomain.lan.crt is indeed present
on all agents.
The following operations are performed:
mv /opt/wapt/waptserver/ssl/key.pem /root/oldkey/
mv /opt/wapt/waptserver/ssl/cert.pem /root/oldkey/
mv /root/new/key.pem /opt/wapt/waptserver/ssl/
mv /root/new/cert.pem /opt/wapt/waptserver/ssl/
systemctl restart nginx
The goal of this operation is for the WAPT agent to accept both the old and new
certificates!
When the old certificate is present on the server side, it generates a warning.
the end of the procedure is missing:
The following operations should only be performed if the new file
C:\Program Files (x86)\wapt\ssl\server\srvwapt.mydomain.lan.crt is indeed present
on all agents.
The following operations are performed:
mv /opt/wapt/waptserver/ssl/key.pem /root/oldkey/
mv /opt/wapt/waptserver/ssl/cert.pem /root/oldkey/
mv /root/new/key.pem /opt/wapt/waptserver/ssl/
mv /root/new/cert.pem /opt/wapt/waptserver/ssl/
systemctl restart nginx
The goal of this operation is for the WAPT agent to accept both the old and new
certificates!
When the old certificate is present on the server side, it generates a warning.
-
olaplanche
- Messages: 178
- Registration: January 26, 2017 - 11:11
Okay, I get it!
I wanted to test before deploying the new agent to all the machines and completing the final steps of the procedure. I messed up... I just put the new certificate back in the /opt/wapt/waptserver/ssl/ folder and restarted nginx while testing on my test machine (with the new agent). Everything is OK, no more SubjectAltNameWarning warnings. I've put the old certificate back; all that's left is to deploy the new agent to all the machines and put the new certificate back in.
Thanks for your invaluable help.
I wanted to test before deploying the new agent to all the machines and completing the final steps of the procedure. I messed up... I just put the new certificate back in the /opt/wapt/waptserver/ssl/ folder and restarted nginx while testing on my test machine (with the new agent). Everything is OK, no more SubjectAltNameWarning warnings. I've put the old certificate back; all that's left is to deploy the new agent to all the machines and put the new certificate back in.
Thanks for your invaluable help.
- Installed WAPT version: 2.6.0.16795 Enterprise
- Server OS: Linux / Debian Bookworm
- Administration/package creation machine OS: Windows 10
- Server OS: Linux / Debian Bookworm
- Administration/package creation machine OS: Windows 10
