- Installed WAPT version: 2.5.3
- Server OS: Windows Server 2019
- Administration/package creation machine OS: Windows 11
Hello,
I updated WAPT from version 2.4 to 2.5.3, but I'm encountering a certificate problem.
A "Warning: Potential security risk" pop-up appears when I try to configure the WAPT console.
I'm using a self-signed certificate, and when I click "Trust," it just restarts the security warning window in a loop.
There is a link to a tutorial about certificate pinning, but I get a 404 error when I try to follow it.
Is there a link to a tutorial on how to validate my self-signed certificate?
Sincerely
[RESOLVED] Certificate issue when upgrading from 2.4 to 2.5
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Did you enter a name or an IP address in the console?
This happens when the name you're using doesn't match the name in the certificate.
This happens when the name you're using doesn't match the name in the certificate.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
And previously, did you verify the HTTPS certificate?
(look at the wapt-get.ini file) in "C:\Program Files (x86)\wapt" and check the value of verify_cert
(look at the wapt-get.ini file) in "C:\Program Files (x86)\wapt" and check the value of verify_cert
For [Global] verify_cert=0, for [wapt-templates] verify_cert=1.
However, looking in the ini file, I saw that the server is pointed to via its IP address.
I checked the warning message, and the certificate I'm being asked to trust is linked to the IP address and not the server name.
However, looking in the ini file, I saw that the server is pointed to via its IP address.
I checked the warning message, and the certificate I'm being asked to trust is linked to the IP address and not the server name.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
So historically you do not verify the https certificate.
The only thing that changed in 2.5 is that now the "verify https certificate" box is checked by default.
In your case, we suggest "Trust" (verify the certificate in pinning mode) but this will only work if the name in the certificate matches.
At the end of the postconf session, the certificate data will be displayed:
In my case, in Altnames, you can perform HTTPS certificate verification with srvwapt.testsf.lan or the IP address 10.11.6.235
The only thing that changed in 2.5 is that now the "verify https certificate" box is checked by default.
In your case, we suggest "Trust" (verify the certificate in pinning mode) but this will only work if the name in the certificate matches.
At the end of the postconf session, the certificate data will be displayed:
Code: Select all
Waptserver certificate
Subject: {'commonName': 'srvwapt.testsf.lan'}
Issuer : CN=srvwapt.testsf.lan
Altnames: ['srvwapt.testsf.lan', IPv4Address('10.11.6.235')]
SHA1: e8274087ccec6d0239866ec5920c76488303a954
SHA256: 88ad24feabb5e1e36c2176fb0e0b9fcc33d415e7508ab6cfd706d3d9b457272b
Hello,
I disabled automatic verification and was then able to connect to the console.
However, it switched me to "Discovery" mode even though I'm on an "Enterprise" server with an empty workstation inventory (probably because the client couldn't be updated on the workstations?). The private repository is working fine.
So I tried to re-import my license key, but I'm getting an "Error activating license" message.
I disabled automatic verification and was then able to connect to the console.
However, it switched me to "Discovery" mode even though I'm on an "Enterprise" server with an empty workstation inventory (probably because the client couldn't be updated on the workstations?). The private repository is working fine.
So I tried to re-import my license key, but I'm getting an "Error activating license" message.
-
dcardon
- WAPT Expert
- Messages: 1930
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Maxime,
could you please try upgrading to the latest version 2.5.4.15337 to see if you still have the problem?
Regarding disabling HTTPS, it's recommended to push a package to reconfigure the WaptServer URL on the clients and then re-enable it.
Regards,
Denis
could you please try upgrading to the latest version 2.5.4.15337 to see if you still have the problem?
Regarding disabling HTTPS, it's recommended to push a package to reconfigure the WaptServer URL on the clients and then re-enable it.
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
