Tranquil IT Forum

Hello everyone,

I'm having some trouble setting up the certificate.
The documentation tells us that we don't need to create a new key and that the key we should use is in c:\private\mykey.pem.

So I go to "Generate a certificate":
in the "Destination directory for keys" field, I have C:\wapt\private.
What should I do?
Use the key from the old path c:\private or the one from the new c:\wapt\private?
Because in both cases, the password I'm using doesn't work: "Error creating key: exceptions.TypesError: Password was given but private key is not encrypted."

Regards,
Elminio

Good morning,

If you have followed the documentation correctly, you should now indeed protect your private key with a password:

• https://www.wapt.fr/fr/doc/waptserver_u ... grade.html

The private key must not NEVER be stored in C:\wapt\private since this is the installation directory of your WAPT agent and therefore encapsulated when the agent is created.

You would end up with a private key scattered across your entire network.

So it is indeed the private key located in C:\private which must be protected and from which you will need to generate a certificate with the Code-Signing attribute

Sincerely,

Alexander

Hello agauvrit,

however, I get this error message "Error creating key: exceptions.TypesError: Password was given but private key is not encrypted." when I enter a password for the private key.

Elminio

Good morning,

I've added a screenshot to the documentation:

• https://www.wapt.fr/fr/doc/waptserver_u ... private-key

Your message means that the private key has not been password-protected and that you cannot currently generate a certificate for it.

Alexander

I'm still having my little certificate problems.
Now, when I re-sign all the packages:
`wapt-signpackages -i -s --message-digest=sha256,sha1 -c C:\private\Clef.crt C:\wapt\waptserver\repository\wapt\*.wapt`,
I get this error:
Error: Certificate None doesn't allow to sign packages with setup.py file.

Elminio

The certificate you're using likely lacks the Code-Signing attribute.

Generate a new certificate with the Code-Signing attribute from Tools > Generate Certificate, then resign your packages using this certificate.

- Alexandre

One last thing:

I re-signed the packages and it works.
But I'm stuck at the FQDN to UUID conversion (I haven't generated the agent yet).
"Finally, rename (convert FQDN to UUID) and re-sign the machine packages (skip this step if you chose fqdn_as_uuid when generating the agent)."



Elminio

Perfect!

There's an omission in the documentation regarding the signing of machine packages; we'll correct it.

This should be a bit clearer: https://www.wapt.fr/fr/doc/waptserver_u ... ml#windows

OK, that's all good for me regarding the certificate part (thank you).
When creating the agent, I get this error (see attached image).

Elminio