[RESOLVED] Problem following renewal of a wildcard certificate
Published: January 27, 2022 - 10:07 AM
WAPT Server Version: 2.1.2
WAPT Agent Version: 2.1.2.10652
WAPT Setup Version: 2.1.2.10652
WAPT Deploy Version: 2.1.2.10652
OS: Linux RHEL 7.9
Administration/Clients: Windows 7 and Windows 10
License: Enterprise
Hello,
The wildcard SSL certificate we use for various administration tools expired yesterday morning. I had renewed and installed it everywhere... or so I thought. This certificate is used, in particular, for WAPT, on the NGINX side. So, I updated the renewed certificate on our WAPT server for the first time and restarted NGINX. When I connect to our server's URL (i.e., https://xxx-wapt.xxxx.info), I can access our server's homepage, and the wildcard certificate is valid until 2023.
But on the WAPT console, I can't connect. When checking my local WAPT console configuration, if I uncheck "Verify HTTPS server certificate," the URLs of the main repository and the WAPT server are recognized as valid. If I check the same box, it no longer works. Clicking on "Retrieve HTTPS server certificate" correctly retrieves my certificate in "C:\Program Files (x86)\wapt\ssl\server," but this doesn't work with the checkbox selected.
After consulting the documentation, I saw that it's preferable to use the "verify_cert=1" option when using a commercial certificate. Indeed, with this option and the checkbox selected, the problem persists in my console.
However, when I type the command `wapt-get enable-check-certificate` on my own machine, I get a critical error: `
CRITICAL Common name of certificate (*.xxxx.info) does not match server hostname (xxx-wapt.xxxx.info)`.
This is surprising since it's the same type of certificate as before. I even tried repeating the postconf.sh procedure, but without success.
Now, my main problem is that I've lost all my monitored machines in the WAPT console. In fact, they're all there, but they're all in "DISCONNECTED" status, except for my own machine.
I updated a GPO where the wapt-get.ini file is deployed by adding the option `verify_cert=1` in the [global] section. I figured that if it worked for the console, it would work for the agent on the client machines. I pushed the GPO to the workstations yesterday while waiting for the WAPT service to restart this morning. My users are having trouble connecting.
Last night, I had two additional machines connected, so I thought everything would be back to normal, but this morning, no more machines are connected...
What did I do wrong, and how can I fix this problem?
Thank you in advance for your help.
WAPT Agent Version: 2.1.2.10652
WAPT Setup Version: 2.1.2.10652
WAPT Deploy Version: 2.1.2.10652
OS: Linux RHEL 7.9
Administration/Clients: Windows 7 and Windows 10
License: Enterprise
Hello,
The wildcard SSL certificate we use for various administration tools expired yesterday morning. I had renewed and installed it everywhere... or so I thought. This certificate is used, in particular, for WAPT, on the NGINX side. So, I updated the renewed certificate on our WAPT server for the first time and restarted NGINX. When I connect to our server's URL (i.e., https://xxx-wapt.xxxx.info), I can access our server's homepage, and the wildcard certificate is valid until 2023.
But on the WAPT console, I can't connect. When checking my local WAPT console configuration, if I uncheck "Verify HTTPS server certificate," the URLs of the main repository and the WAPT server are recognized as valid. If I check the same box, it no longer works. Clicking on "Retrieve HTTPS server certificate" correctly retrieves my certificate in "C:\Program Files (x86)\wapt\ssl\server," but this doesn't work with the checkbox selected.
After consulting the documentation, I saw that it's preferable to use the "verify_cert=1" option when using a commercial certificate. Indeed, with this option and the checkbox selected, the problem persists in my console.
However, when I type the command `wapt-get enable-check-certificate` on my own machine, I get a critical error: `
CRITICAL Common name of certificate (*.xxxx.info) does not match server hostname (xxx-wapt.xxxx.info)`.
This is surprising since it's the same type of certificate as before. I even tried repeating the postconf.sh procedure, but without success.
Now, my main problem is that I've lost all my monitored machines in the WAPT console. In fact, they're all there, but they're all in "DISCONNECTED" status, except for my own machine.
I updated a GPO where the wapt-get.ini file is deployed by adding the option `verify_cert=1` in the [global] section. I figured that if it worked for the console, it would work for the agent on the client machines. I pushed the GPO to the workstations yesterday while waiting for the WAPT service to restart this morning. My users are having trouble connecting.
Last night, I had two additional machines connected, so I thought everything would be back to normal, but this morning, no more machines are connected...
What did I do wrong, and how can I fix this problem?
Thank you in advance for your help.