Unable to add an internal server as an external repository

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Answer
TomTomGo
Messages: 25
Registration: May 3, 2017 - 3:36 p.m.
Location: La Chapelle-sur-Erdre

January 23, 2025 - 08:18

Good morning,

Since updating a WAPT server from version 2.4 to 2.5.5.15697, I can no longer add this server as an external repository from another server also in version 2.5.5.15697 (this worked fine in 2.4).
Repository configuration:
Repoconf.png
Repoconf.png (20.99 KB) Viewed 3940 times
If we try to import a package from this repository:
Repoconf3.png
Repoconf3.png (6 KB) Viewed 3940 times
I therefore assume that this has to do with the activation of SSL client authentication since 2.5, but I don't see how to authenticate the administration console of a server A via adding an external repository to a server B. The agents of the machines attached to their respective servers work correctly at the level of SSL + Kerberos client authentication.

Environment: WAPT Debian 11 server (up-to-date), WAPT 2.5.5.15697 Discovery
Administration machine operating system: Windows Server 2019 (up to date)

Thank you and have a good day
High
User avatar
dcardon
WAPT Expert
Messages: 1930
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

January 23, 2025 - 10:31

Hi Thomas,

you've correctly identified the problem. Currently, client certificate authentication isn't supported in the package import interface. I think the simplest solution is to define a second virtual host on the server without client certificate authentication but with source IP address restrictions, and point the other servers to it.

Normally, there's no need to set up multiple WAPT servers except for very large organizations with delegated access rights. If you have remote sites, the best approach is to set up secondary repositories, but centralize inventory updates on the same server.

Alternatively, in the enterprise version, we have scripts for synchronizing between WAPT servers.

Best regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
TomTomGo
Messages: 25
Registration: May 3, 2017 - 3:36 p.m.
Location: La Chapelle-sur-Erdre

January 23, 2025 - 10:56

Hi Denis,

Yes, that's what I suspected, thanks for the confirmation.
I'll look into the VHOST solution. Otherwise, I found a "dirty" but temporary fix: I retrieved the client certificate and private key from "C:\Program Files (x86)\wapt\private" on server A and copied them to server B. I then pointed them to the repository settings under "Advanced Settings > Client SSL Certificate Path" and "Advanced Settings > Client SSL Key Path".
We actually have a somewhat outdated way of working: a "dev" WAPT server that we use to test packages on a few machines before importing them to the "prod" WAPT server. I'm well aware it's not ideal, and I regularly urge my superiors to switch to an enterprise server with all the extra features that come with it, but oh well... Have

a good day.
High
User avatar
vcardon
WAPT Expert
Messages: 278
Registration: Oct 06, 2017 - 10:55 p.m.
Location: Nantes, France

January 23, 2025 - 8:20 PM

Good evening TomTomGo,

Of course, we encourage you to continue your efforts to persuade your decision-makers to upgrade to Enterprise. Since you're located in La Chapelle-sur-Erdre, we can come in person to help you encourage them, or vice versa.

In the short term, it seems your needs can be met by the concept of "maturity."

If you search for this term on this forum, you'll find many posts discussing the need to test packages on a small portion of the network before rolling them out more broadly, without needing a second WAPT server.
Vincent CARDON
Tranquil IT
High
TomTomGo
Messages: 25
Registration: May 3, 2017 - 3:36 p.m.
Location: La Chapelle-sur-Erdre

January 30, 2025 - 09:41

Hello Vincent;

Thank you for your message. We are indeed practically neighbors, and we won't hesitate to contact you directly about a company placement. ;)

In the meantime, I'll look into the "maturity" option, which I'd seen but hadn't explored in depth until now...

Have a good day.

Sincerely,

Thomas
High
Answer

Return to "WAPT Server"


  • To go further with WAPT