Code: Select all
openssl rsa -in /root/mykey.pem -text[SOLVED] Private key/certificate issue
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
To check something:
You can run this command to verify that the password is correct
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Can you compare the moduli of the PEM and the CRT?
Code: Select all
openssl rsa -noout -modulus -in /root/mykey.pem -text |grep Modulus
Code: Select all
openssl x509 -noout -modulus -in /root/mykey.crt |grep Modulus
-
dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Valentin,
if the module is different, it means the certificate (truc.crt) wasn't created from the key in question (truc.pem)... A new key was probably created with the same name, or something similar.
You need to check the crt against the one deployed on the client machines (in wapt\ssl). If you can't find the corresponding key, you'll need to create a new private/public key pair, then regenerate the agent and push it back onto the network via GPO or another method.
WAPT security is based on PKI functionality, meaning the agent validates packet signatures against a public certificate deployed on each agent. The packet must be signed with the corresponding private key; otherwise, it will be rejected.
I'm marking this topic as resolved.
Best regards,
Denis
if the module is different, it means the certificate (truc.crt) wasn't created from the key in question (truc.pem)... A new key was probably created with the same name, or something similar.
You need to check the crt against the one deployed on the client machines (in wapt\ssl). If you can't find the corresponding key, you'll need to create a new private/public key pair, then regenerate the agent and push it back onto the network via GPO or another method.
WAPT security is based on PKI functionality, meaning the agent validates packet signatures against a public certificate deployed on each agent. The packet must be signed with the corresponding private key; otherwise, it will be rejected.
I'm marking this topic as resolved.
Best regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Hello,
I haven't touched my key pair at all. So I have no idea what could have happened to cause the certificate to be different.
I've been using WAPT since September 2022, and the key and certificate were created then.
Anyway, I just regenerated a key pair, re-signed the hosts and packages, and copied the certificate to a machine and tried modifying it there, and it works.
I'm now going to deploy the certificate across the network.
Thank you for your time.
I haven't touched my key pair at all. So I have no idea what could have happened to cause the certificate to be different.
I've been using WAPT since September 2022, and the key and certificate were created then.
Anyway, I just regenerated a key pair, re-signed the hosts and packages, and copied the certificate to a machine and tried modifying it there, and it works.
I'm now going to deploy the certificate across the network.
Thank you for your time.
