Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[RESOLVED] SSL on WAPTHttpServer secondary repository

https://forum.tranquil.it/viewtopic.php?t=4546

Page 2 of 3

Re: SSL on secondary repository WAPTHttpServer

Published: February 2, 2026 - 1:49 PM
by sterobo
Using Python and import requests, I get the same error, but with curl, it seems to work:

Code: Select all

<!DOCTYPE html><html><body style="font-family:verdana"><h1>WAPTHttpServer Server Error 404</h1><hr><p>HTTP 404 Not Found</p><p>Wrong route</p><small>mORMot 2</small></body></html>

Re: SSL on secondary repository WAPTHttpServer

Published: February 2, 2026 - 1:54 PM
by sfonteneau
curl with "--cacert"?

Re: SSL on secondary repository WAPTHttpServer

Published: February 2, 2026 - 1:56 PM
by sterobo
Yes: curl https://<fqdn du dépôt> --cacert "C:\Program Files (x86)\wapt\ssl\server\ca.crt"

Re: SSL on secondary repository WAPTHttpServer

Published: February 2, 2026 - 1:59 PM
by sfonteneau
So what does this return?

viewtopic.php?p=16771#p16771

Simon

Re: SSL on secondary repository WAPTHttpServer

Published: February 2, 2026 - 2:06 PM
by sterobo
For me, the same error as wapt-get update:

Code: Select all

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 464, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 1093, in _validate_conn
    conn.connect()
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 790, in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 969, in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 480, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 524, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "ssl.py", line 513, in wrap_socket
  File "ssl.py", line 1104, in _create
  File "ssl.py", line 1375, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
    response = self._make_request(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 488, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 644, in send
    resp = conn.urlopen(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 841, in urlopen
    retries = retries.increment(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\retry.py", line 519, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='<fqdn du dépôt>', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 675, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='<fqdn du dépôt>', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)')))

Re: SSL on secondary repository WAPTHttpServer

Published: February 3, 2026 - 9:45 AM
by sfonteneau
I'm a bit stuck; it seems surprising that curl accepts it but not Python.

Could you try setting the secondary repository in the "Main repository URL" configuration to HTTPS in the WAPT console

and then clicking "Verify" to see if that helps?

Re: SSL on secondary repository WAPTHttpServer

Published: February 3, 2026 - 9:56 AM
by sterobo
Yes, I've already tried that and it works, and I do have a line in access443.log:

Code: Select all

x.x.x.x - - [02/Feb/2026:08:55:42 +0000] "HEAD /wapt/ping HTTP/1.1" 200 176 "https://<fqdn du dépôt>" "waptconsole/2.6.1.17472W"

Re: SSL on secondary repository WAPTHttpServer

Published: February 4, 2026 - 1:57 PM
by sfonteneau
I'm a bit stuck; it seems Python is rejecting the certificate, but the console is working...

The last time I saw that, it was an antivirus program that was performing a MITM attack in the middle of a certain application.

to try :

Code: Select all

import waptlicences
waptlicences.get_peer_cert_chain_from_server("https://reposecondaire",r"C:\waptdev\test")
To retrieve the certificate, see...

Re: SSL on secondary repository WAPTHttpServer

Published: February 4, 2026 - 3:48 PM
by sterobo
Mmmh, I have this:

Code: Select all

Traceback (most recent call last):
  File "<console>", line 1, in <module>
AttributeError: module 'waptlicences' has no attribute 'get_peer_cert_chain_from_server'
However, waptcrypto.get_peer_cert_chain_from_server returns [ <SSLCertificate cn='<fqdn du dépôt>' fingerprint=xxxxxx issuer='<Mon AC>' validity=202x-xx-xx - 20xx-xx-xx Code-Signing=False CA=False> ]
While it seems to me that he should also return the intermediate and the AC...

Re: SSL on secondary repository WAPTHttpServer

Published: February 6, 2026 - 3:04 PM
by sterobo
The problem seems to be solved with a more recent version of wapthttpserver.exe (the latest one to be precise), I can go away for the weekend with peace of mind! Thanks for the help, Simon!
Time zone set to UTC+02:00
Page 2 of 3

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru