[RESOLVED] Valid SSL/TLS certificate for the WAPT server
Published: September 25, 2018 - 2:19 PM
by James
Hello,
this might be a silly question, but can WAPT clients use HTTPS server certificate verification with a self-signed certificate?
It's not very clear in this documentation:
https://www.wapt.fr/fr/doc/Installation ... ertificate
"This self-signed certificate will not be recognized by browsers and will not allow for proper verification of the WAPT server."
Thank you.
Re: Valid SSL/TLS certificate for the WAPT server
Published: September 25, 2018 - 3:09 PM
by htouvet
Yes, the WAPT client will verify the certificate, whether self-signed or not.
The difference is that for a commercial certificate, the client already has a list of certification authorities (from "certifi").
In the case of the "authorized" self-signed certificate (which the WAPT client trusts for HTTPS connections to the repository and server), it is distributed during the installation of the custom agent waptagent.exe. It is placed in C:\Program Files (x86)\wapt\ssl\server\ and is referenced in C:\Program Files (x86)\wapt\wapt-get.ini via the "verify_cert" parameter:
[global]
...
verify_cert=C:\Program Files (x86)\wapt\ssl\server\srvwapt.ad.tranquil.it.crt
Post-checking can be enabled on a client using the command (cmd with elevated Admin privileges):
wapt-get enable-check-certificate
Re: [RESOLVED] Valid SSL/TLS certificate for the WAPT server
Published: September 28, 2018 - 10:38 AM
by James
Okay, that's perfect!
In the WAPT configuration, I check the "Verify server HTTPS certificate" box, and specify the path to the CA bundle. I click the "Get server HTTPS certificate" button, and it retrieves the certificate from C:\wapt\ssl\server\srwwapt.domain.crt.
When I validate, I get an error:
"Error connecting with SSL.
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed."
Do I need to generate a new certificate? (Knowing that I changed the hostname along the way...)
Thanks
Re: [RESOLVED] Valid SSL/TLS certificate for the WAPT server
Published: October 1, 2018 - 4:41 PM
by htouvet
The CN of the certificate used by the HTTPS server must match the hostname of the URL used to access the WAPT server (wapt_server and repo_url).
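
The hostname check described in the last reply, as an added example that is not part of the original thread and is not WAPT's own code: it reads wapt_server and repo_url from a wapt-get.ini and compares each hostname against the certificate's CN and, as a generalization beyond the CN mentioned above, its DNS subjectAltName entries. The hostnames, the sample ini and the certificate dict are constructed; the dict uses the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample wapt-get.ini: the server hostname was changed after the
# certificate was issued, as in the thread. All hostnames are placeholders.
SAMPLE_INI = r"""
[global]
wapt_server=https://srvwapt-new.example.test
repo_url=https://srvwapt.example.test/wapt
verify_cert=C:\Program Files (x86)\wapt\ssl\server\srvwapt.example.test.crt
"""

# Constructed certificate names, in the ssl.SSLSocket.getpeercert() dict shape.
SAMPLE_CERT = {
    "subject": ((("commonName", "srvwapt.example.test"),),),
    "subjectAltName": (("DNS", "srvwapt.example.test"),),
}

def cert_names(cert):
    """Collect the CN and any DNS subjectAltName entries, lower-cased."""
    names = {v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"}
    names |= {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return names

def name_matches(host, pattern):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def audit(ini_text, cert):
    """Return {key: (hostname, ok)} for wapt_server and repo_url."""
    cfg = configparser.ConfigParser(interpolation=None)  # keep Windows paths raw
    cfg.read_string(ini_text)
    names = cert_names(cert)
    result = {}
    for key in ("wapt_server", "repo_url"):
        url = cfg.get("global", key, fallback=None)
        if not url:
            continue
        host = (urlsplit(url).hostname or "").lower()
        result[key] = (host, any(name_matches(host, n) for n in names))
    return result

if __name__ == "__main__":
    for key, (host, ok) in audit(SAMPLE_INI, SAMPLE_CERT).items():
        print(f"{key}: {host} -> {'match' if ok else 'MISMATCH'}")
```

A MISMATCH on either key means the client will fail certificate verification for that URL until the certificate is reissued for the new name or the URL is changed back to the name in the certificate.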