Tranquil IT Forum

Hello everyone and Happy New Year!

Since this morning I haven't been able to connect with the console and after some investigation it seems to be a problem with the certificate on the server side.
The certificate has expired and I haven't found in the documentation how to regenerate it without console access

Thanks in advance.

Hello Philippe and Happy New Year 2025!

This concerns the server's HTTPS certificate. You don't need the console to update it.

However, to open the console, you must be able to uncheck the "Verify server's HTTPS certificate" box, and the console should then open.

Regarding the WAPT agents, if they have the same configuration (verifying the HTTPS certificate), they will refuse to connect to the server. If it's the certificate that's being restricted and not the authorization, you'll need to push the new HTTPS certificate via GPO or another method for the agents to accept connecting again.

Sincerely,

Denis

Thank you for your reply.

On my PC, with the agent deployed a few weeks ago, I have the following configuration:
I assume it's the verify_cert variable that allows you to check the certificate? When I look at the certificate information contained in C:\Program Files (x86)\wapt\ssl\server\ on my PC, the expiry date is 2033. If I remember correctly, there was a change to this variable since version 2.5 (I'm using the latest version of 2.5, which is an update from 2.4).

I managed to connect to the console by disabling certificate verification, and for the moment the hosts aren't showing any errors (theoretically, they have the same configuration as my PC). I'll wait until tomorrow to see how the hosts behave before proceeding with renewing the HTTP certificate.

Hi again Philippe,

well, it seems the problem lies elsewhere.

Looking at your certificate information, it appears that Kaspersky antivirus is being a bit too intrusive and is performing local HTTPS scanning on the machine [1]. Could you please disable the web filtering function of your antivirus?

Regards,

Denis

[1] https://www.csoonline.com/article/55948 ... tacks.html

Good morning,

This morning there were no connection problems between the different hosts.

I reset my console to its initial configuration to retrieve the certificate stored in C:\Users\xxxxxx\AppData\Local\waptconsole\ssl\server\xxxxx.crt, which is still invalid due to the expiry date.

For the test, I completely disabled Kaspersky on my machine, but the problem persists.

In the console settings, completely by chance I clicked on the icon to the left of the "Repository access error..." message. This opened the browser with the certificate information
For this one, there's no date issue. I admit I'm a bit lost between package certificates and console certificates

Hello

, I think the certificate mentioned here:

C:\Users\xxxxxx\AppData\Local\waptconsole\ssl\server\xxxxx.crt

is the Kaspersky certificate that was retrieved at some point (and is still expired). Could you check?

Simon

Hello Philippe,

could you please click the "Retrieve HTTPS Server Certificate" button to force the retrieval of the correct certificate?

Regards,

Denis

Can you click on the "Retrieve HTTPS Server Certificate" button to force the retrieval of the correct certificate?

Sometimes the simplest solutions are the best

I renamed the old certificate and clicked on Certificate Recovery... And magically, everything is working perfectly with the certificate valid until 2034.

THANKS.