Certificate Cleaning

Share your tips or issues concerning the WAPT Console or WAPT Agent here
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
AlbanUCA63
Messages: 15
Registration: March 18, 2019 - 10:14

November 16, 2021 - 10:37

Hello everyone,

We are setting up "child" certificates to restrict access to certain websites for our colleagues.
In my certificate list (ACL -> "View"), I see certificates that I no longer need.
So I go to /var/www/wapt/ssl to delete these certificates.
For now, it seems to be all correct :) (to be confirmed).

However, I still have quite a few unnecessary certificates visible in my list that I can't find in /var/www/wapt/ssl. I
can't figure out where they are to make the list look clean with only my new certificates (and those already in use).

Does the console retrieve this list only from the server?
Or does it get information from elsewhere?

Thank you for your answers.

Alban

PS: We are using Wapt 2.1 Enterprise on Ubuntu, console under Windows Server 2019.
High
User avatar
htouvet
WAPT Expert
Messages: 436
Registration: March 16, 2015 - 10:48
Contact :
Contact htouvet

November 16, 2021 - 11:32

Hello,
The certificates displayed in the certificate grid of the ACL window are
: - all those present in the packages of the repository
- plus those present in the directory designated by the 'known_certificates_folder' key of the waptserver.ini file (by default /var/www/ssl)
- plus those possibly associated with console users by the "Associate a certificate with the user" function
Tranquil IT
High
AlbanUCA63
Messages: 15
Registration: March 18, 2019 - 10:14

November 16, 2021 - 12:08 PM

Hi Hubert,

Thanks for your reply, however, I do have certificates displayed that are:
- neither present in the repository (these certificates weren't deployed via a package back then)
- nor in /var/www/ssl (the default directory is)
- nor associated with a user.

Could it be, for the repository, a package signed by an "old" certificate?

PS: And could an "old" certificate lingering on an agent appear in this list?

Alban
High
User avatar
htouvet
WAPT Expert
Messages: 436
Registration: March 16, 2015 - 10:48
Contact :
Contact htouvet

November 16, 2021 - 12:14

Yes, that's the purpose of
all the certificates present in the repository packages

. In each package, there's the certificate of the user who signed the package.
During the "scanpackages" operation, these certificates are extracted and collected in the index "/var/www/wapt/Packages".
This index is a Zip file.
If you download it (https://myserver/wapt/Packages) and open it with 7-Zip, you'll see a /ssl directory inside with all the found certificates named with their SHA256 fingerprints.
Tranquil IT
High
Locked

Return to "WAPT usage (Console, Agent) / WAPT usage (Console, Agent)"


  • To go further with WAPT