loss of private key wapt

STF

April 1, 2022 - 11:22

Hello,

Beginner's mistake: when trying to move a test infrastructure to production, I reinstalled the WAPT console host, thinking I had backed up everything necessary. However, since the initial tests on this infrastructure were done some time ago, I must have placed the key in a specific location, and I saved (without checking...) an empty private folder! :cry:

Recovery is complicated, so the question is how to get everything back in working order: should I push a new client signed with a new key (or more simply, a new certificate) to all the affected client machines?

One thing puzzles me, though: when installing the console on a client, a new crt/pem pair is created on that client, but of course, it doesn't allow any real operations on the existing packages and clients. I'm not sure I understand what they're for? :|

Thanks
sfonteneau
WAPT Expert

April 1, 2022 - 3:05 PM

Hello

https://www.wapt.fr/fr/doc-2.2/wapt-com ... rivate-key

Are you sure you don't have a small backup somewhere?

Simo
dcardon
WAPT Expert

April 1, 2022 - 3:20 PM

Hello STF,

If you're managing Windows systems connected to Active Directory, the simplest solution is to recreate a certificate/private key pair and re-push the agent using a Group Policy Object (GPO).

Regards,

Denis
Denis Cardon - Tranquil IT
STF

April 4, 2022 - 8:24 AM

Good morning
sfonteneau wrote: Apr 1, 2022 - 3:05 PM
Are you sure you don't have a small backup somewhere?

Unfortunately... yes! :-(

A real beginner's mistake: we set up the platform several months ago, left it in a corner due to lack of time, and played around with it from time to time to test by deploying a few clients. Then we thought, let's deploy the clients more widely to test further and put it into production. We then had some bugs on the console, so we thought, let's start fresh: we reinstalled the admin machine, which had become a garbage machine, and bam, no more private key!

I'm proud of myself for that, no worries! :roll:

Well, it's still acceptable given the limited usage history: redeploying a new certificate isn't the biggest problem and we don't have much to re-sign...

Two questions therefore remain unanswered:

- What does the certificate/key pair recreated on the admin's machine correspond to?

- What happens if we delete the packages signed with the old certificate for the machines where these packages are deployed?
vcardon
WAPT Expert

April 4, 2022 - 9:09 PM

- What does the certificate/key pair recreated on the admin workstation correspond to?

- What happens if we delete the packages signed with the old certificate for the workstations where these packages are deployed?
The certificate/key pair created on the administrator's machine is:

- your private key, which you will use to sign WAPT packages and actions; keep it safe, but now you have the experience :D

- the public certificate which will be deployed on the computers in the network and which will be used to validate that the WAPT actions and packages have indeed been signed by you.

Regarding your second question, the software is already installed, so if you redeploy a WAPT package with the same package version that is signed with your new key, then WAPT will detect that there is nothing to do.
Vincent CARDON
Tranquil IT
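
The mechanism described in the answer above, as an added illustration that is not part of the thread and not WAPT's own code or package format: a client accepts a signature only if it verifies against a certificate it already holds, which is why a freshly created crt/pem pair does nothing on existing clients until its certificate is deployed to them. The names `old-admin`, `new-admin`, `client-store` and `manifest` are constructed for the demo; plain `openssl` commands stand in for the product's signing.

```shell
#!/bin/sh
# Added illustration: generic OpenSSL signing, not WAPT's package format or tooling.
# All names below (old-admin, new-admin, client-store, manifest) are constructed.
WORK=$(mktemp -d)

# make_pair NAME: self-signed NAME.crt plus unencrypted private key NAME.pem
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.pem" -out "$WORK/$1.crt" 2>/dev/null
}

# sign_file NAME FILE: detached SHA-256 signature of FILE, written to FILE.sig
sign_file() {
    openssl dgst -sha256 -sign "$WORK/$1.pem" -out "$2.sig" "$2"
}

# trusted_by DIR FILE: succeeds if any certificate in DIR verifies FILE.sig
trusted_by() {
    for crt in "$1"/*.crt; do
        [ -f "$crt" ] || continue
        openssl x509 -in "$crt" -pubkey -noout > "$WORK/pub.pem" 2>/dev/null || continue
        openssl dgst -sha256 -verify "$WORK/pub.pem" \
            -signature "$2.sig" "$2" >/dev/null 2>&1 && return 0
    done
    return 1
}

# check: what a client holding client-store would decide about the manifest
check() {
    if trusted_by "$WORK/client-store" "$WORK/manifest"; then
        echo accepted
    else
        echo rejected
    fi
}

make_pair old-admin                       # original pair
make_pair new-admin                       # pair recreated after the reinstall
mkdir "$WORK/client-store"                # stands in for what a client trusts
cp "$WORK/old-admin.crt" "$WORK/client-store/"
rm "$WORK/old-admin.pem"                  # the private key is lost

printf 'package=demo\nversion=1.0-1\n' > "$WORK/manifest"   # constructed sample
sign_file new-admin "$WORK/manifest"

echo "new certificate not yet on the client: $(check)"   # rejected
cp "$WORK/new-admin.crt" "$WORK/client-store/"
echo "new certificate deployed:              $(check)"   # accepted
```
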
STF

April 7, 2022 - 6:11 PM

vcardon wrote: Apr 4, 2022 - 9:09 PM
The certificate/key pair created on the administrator's machine is:

- your private key which will be used to sign WAPT packages and actions, to be kept safe, but now you have the experience :D

- the public certificate which will be deployed on the computers in the network and which will be used to validate that the actions and WAPT packages have indeed been signed by you.

Okay, so the console installation creates a key pair each time. What about having multiple admin positions with different roles?

Will we still need to share a single pair of keys for managing the workstations?