Since this morning I haven't been able to connect with the console and after some investigation it seems to be a problem with the certificate on the server side.
- 2025-01-06_15-48.jpg (154.41 KB) Viewed 6506 times
Thanks in advance.
[RESOLVED] Expired certificate
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Hello everyone and Happy New Year!
Since this morning I haven't been able to connect with the console and after some investigation it seems to be a problem with the certificate on the server side.
The certificate has expired and I haven't found in the documentation how to regenerate it without console access
Thanks in advance.
Since this morning I haven't been able to connect with the console and after some investigation it seems to be a problem with the certificate on the server side.
The certificate has expired and I haven't found in the documentation how to regenerate it without console access
Thanks in advance.
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Philippe and Happy New Year 2025!
This concerns the server's HTTPS certificate. You don't need the console to update it.
However, to open the console, you must be able to uncheck the "Verify server's HTTPS certificate" box, and the console should then open.
Regarding the WAPT agents, if they have the same configuration (verifying the HTTPS certificate), they will refuse to connect to the server. If it's the certificate that's being restricted and not the authorization, you'll need to push the new HTTPS certificate via GPO or another method for the agents to accept connecting again.
Sincerely,
Denis
This concerns the server's HTTPS certificate. You don't need the console to update it.
However, to open the console, you must be able to uncheck the "Verify server's HTTPS certificate" box, and the console should then open.
Regarding the WAPT agents, if they have the same configuration (verifying the HTTPS certificate), they will refuse to connect to the server. If it's the certificate that's being restricted and not the authorization, you'll need to push the new HTTPS certificate via GPO or another method for the agents to accept connecting again.
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Thank you for your reply.
On my PC, with the agent deployed a few weeks ago, I have the following configuration:
I assume it's the verify_cert variable that allows you to check the certificate? When I look at the certificate information contained in C:\Program Files (x86)\wapt\ssl\server\ on my PC, the expiry date is 2033. If I remember correctly, there was a change to this variable since version 2.5 (I'm using the latest version of 2.5, which is an update from 2.4).
I managed to connect to the console by disabling certificate verification, and for the moment the hosts aren't showing any errors (theoretically, they have the same configuration as my PC). I'll wait until tomorrow to see how the hosts behave before proceeding with renewing the HTTP certificate.
On my PC, with the agent deployed a few weeks ago, I have the following configuration:
Code: Select all
global
use_hostpackages=1
use_kerberos=0
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
repo_url=https://xxxxx/wapt
wapt_server=https://xxxxx
verify_cert=C:\Program Files (x86)\wapt\ssl\server\svxxxxx.crtI managed to connect to the console by disabling certificate verification, and for the moment the hosts aren't showing any errors (theoretically, they have the same configuration as my PC). I'll wait until tomorrow to see how the hosts behave before proceeding with renewing the HTTP certificate.
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi again Philippe,
well, it seems the problem lies elsewhere.
Looking at your certificate information, it appears that Kaspersky antivirus is being a bit too intrusive and is performing local HTTPS scanning on the machine [1]. Could you please disable the web filtering function of your antivirus?
Regards,
Denis
[1] https://www.csoonline.com/article/55948 ... tacks.html
well, it seems the problem lies elsewhere.
Looking at your certificate information, it appears that Kaspersky antivirus is being a bit too intrusive and is performing local HTTPS scanning on the machine [1]. Could you please disable the web filtering function of your antivirus?
Regards,
Denis
[1] https://www.csoonline.com/article/55948 ... tacks.html
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Good morning,
This morning there were no connection problems between the different hosts.
I reset my console to its initial configuration to retrieve the certificate stored in C:\Users\xxxxxx\AppData\Local\waptconsole\ssl\server\xxxxx.crt, which is still invalid due to the expiry date.
For the test, I completely disabled Kaspersky on my machine, but the problem persists.
In the console settings, completely by chance I clicked on the icon to the left of the "Repository access error..." message. This opened the browser with the certificate information
For this one, there's no date issue. I admit I'm a bit lost between package certificates and console certificates
This morning there were no connection problems between the different hosts.
I reset my console to its initial configuration to retrieve the certificate stored in C:\Users\xxxxxx\AppData\Local\waptconsole\ssl\server\xxxxx.crt, which is still invalid due to the expiry date.
For the test, I completely disabled Kaspersky on my machine, but the problem persists.
In the console settings, completely by chance I clicked on the icon to the left of the "Repository access error..." message. This opened the browser with the certificate information
- 2025-01-07_10-19.jpg (33.32 KB) Viewed 6468 times
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Hello
, I think the certificate mentioned here:
C:\Users\xxxxxx\AppData\Local\waptconsole\ssl\server\xxxxx.crt
is the Kaspersky certificate that was retrieved at some point (and is still expired). Could you check?
Simon
, I think the certificate mentioned here:
C:\Users\xxxxxx\AppData\Local\waptconsole\ssl\server\xxxxx.crt
is the Kaspersky certificate that was retrieved at some point (and is still expired). Could you check?
Simon
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Philippe,
could you please click the "Retrieve HTTPS Server Certificate" button to force the retrieval of the correct certificate?
Regards,
Denis
could you please click the "Retrieve HTTPS Server Certificate" button to force the retrieval of the correct certificate?
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Sometimes the simplest solutions are the bestCan you click on the "Retrieve HTTPS Server Certificate" button to force the retrieval of the correct certificate?
I renamed the old certificate and clicked on Certificate Recovery... And magically, everything is working perfectly with the certificate valid until 2034.
THANKS.
