Hello everyone,
I'm having some trouble setting up the certificate.
The documentation tells us that we don't need to create a new key and that the key we should use is in c:\private\mykey.pem.
So I go to "Generate a certificate":
in the "Destination directory for keys" field, I have C:\wapt\private.
What should I do?
Use the key from the old path c:\private or the one from the new c:\wapt\private?
Because in both cases, the password I'm using doesn't work: "Error creating key: exceptions.TypesError: Password was given but private key is not encrypted."
Regards,
Elminio
[SOLVED] Certificate problem during update 1.5 (Windows)
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Good morning,
If you have followed the documentation correctly, you should now indeed protect your private key with a password:
The private key must not NEVER be stored in C:\wapt\private since this is the installation directory of your WAPT agent and therefore encapsulated when the agent is created.
You would end up with a private key scattered across your entire network.
So it is indeed the private key located in C:\private which must be protected and from which you will need to generate a certificate with the Code-Signing attribute
Sincerely,
Alexander
If you have followed the documentation correctly, you should now indeed protect your private key with a password:
The private key must not NEVER be stored in C:\wapt\private since this is the installation directory of your WAPT agent and therefore encapsulated when the agent is created.
You would end up with a private key scattered across your entire network.
So it is indeed the private key located in C:\private which must be protected and from which you will need to generate a certificate with the Code-Signing attribute
Sincerely,
Alexander
Good morning,
I've added a screenshot to the documentation:
Your message means that the private key has not been password-protected and that you cannot currently generate a certificate for it.
Alexander
I've added a screenshot to the documentation:
Your message means that the private key has not been password-protected and that you cannot currently generate a certificate for it.
Alexander
I'm still having my little certificate problems.
Now, when I re-sign all the packages:
`wapt-signpackages -i -s --message-digest=sha256,sha1 -c C:\private\Clef.crt C:\wapt\waptserver\repository\wapt\*.wapt`,
I get this error:
Error: Certificate None doesn't allow to sign packages with setup.py file.
Elminio
Now, when I re-sign all the packages:
`wapt-signpackages -i -s --message-digest=sha256,sha1 -c C:\private\Clef.crt C:\wapt\waptserver\repository\wapt\*.wapt`,
I get this error:
Error: Certificate None doesn't allow to sign packages with setup.py file.
Elminio
The certificate you're using likely lacks the Code-Signing attribute.
Generate a new certificate with the Code-Signing attribute from Tools > Generate Certificate, then resign your packages using this certificate.
- Alexandre
Generate a new certificate with the Code-Signing attribute from Tools > Generate Certificate, then resign your packages using this certificate.
- Alexandre
One last thing:
I re-signed the packages and it works.
But I'm stuck at the FQDN to UUID conversion (I haven't generated the agent yet).
"Finally, rename (convert FQDN to UUID) and re-sign the machine packages (skip this step if you chose fqdn_as_uuid when generating the agent)."
Elminio
I re-signed the packages and it works.
But I'm stuck at the FQDN to UUID conversion (I haven't generated the agent yet).
"Finally, rename (convert FQDN to UUID) and re-sign the machine packages (skip this step if you chose fqdn_as_uuid when generating the agent)."
Elminio
Perfect!
There's an omission in the documentation regarding the signing of machine packages; we'll correct it.
There's an omission in the documentation regarding the signing of machine packages; we'll correct it.
This should be a bit clearer: https://www.wapt.fr/fr/doc/waptserver_u ... ml#windows
