Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[SOLVED] Secondary deposit certificate issue since update 2.6

https://forum.tranquil.it/viewtopic.php?t=4217

Page 1 of 1

[SOLVED] Secondary deposit certificate issue since update 2.6

Published: February 7, 2025 - 9:47 AM
by djfb1
Good morning,

Since the update from 2.5 to 2.6, I have been getting an error when installing packages on my PCs or servers at remote sites.
Secondary storage facilities are installed on these sites.
Here is the error message on the console:

Code: Select all

Erreur lors de l'installation de ['srv-bureautique.domain.local(=7)']: erreurs dans les paquets [[('https://srv-wapt.domain.local/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]'), None]
And the error message on the server where I'm trying to install the 7zip package:

Code: Select all

2025-02-07 09:22:03,966 [waptcore WaptTaskManager 5200] CRITICAL Error downloading package from http repository, please update... error : THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]
2025-02-07 09:22:03,966 [waptcore WaptTaskManager 5200] CRITICAL Error downloading some files : [('https://srv-secondaire.domain.local/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]')]
2025-02-07 09:22:03,966 [waptcore WaptTaskManager 5200] CRITICAL Package ltm-7zip [x64_fr_PROD] not installed due to errors : EWaptDownloadError: Package file ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt not downloaded properly.
Erreur lors de l'installation de ['ltm-7zip']: erreurs dans les paquets [[('https://srv-secondaire.domain.local.ltm.bzh/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]'), None], [PackageRequest(package='ltm-7zip',architectures=['x64'],locales=['fr'],maturities=['PROD'],tags=['windows-2012serverr2', 'win-2012serverr2', 'w-2012serverr2', 'windows2012serverr2', 'win2012serverr2', 'w2012serverr2', 'windows', 'win', 'w'],min_os_version=Version('6.3.9600'),max_os_version=Version('6.3.9600')), PackageEntry('ltm-7zip','24.9-46' architecture='x64',maturity='PROD',target_os='windows'), 'Traceback (most recent call last):\n  File "C:\\Program Files (x86)\\wapt\\common.py", line 5471, in install\n    raise EWaptDownloadError(\'Package file %s not downloaded properly.\' % p.filename)\nwaptpackage.EWaptDownloadError: Package file ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt not downloaded properly.\n']]
2025-02-07 09:22:03,966 [wapttasks WaptTaskManager 5200] CRITICAL Task error Installation de ltm-7zip (tâche #78): Exception: Erreur lors de l'installation de ['ltm-7zip']: erreurs dans les paquets [[('https://srv-secondaire.domain.local/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]'), None], [PackageRequest(package='ltm-7zip',architectures=['x64'],locales=['fr'],maturities=['PROD'],tags=['windows-2012serverr2', 'win-2012serverr2', 'w-2012serverr2', 'windows2012serverr2', 'win2012serverr2', 'w2012serverr2', 'windows', 'win', 'w'],min_os_version=Version('6.3.9600'),max_os_version=Version('6.3.9600')), PackageEntry('ltm-7zip','24.9-46' architecture='x64',maturity='PROD',target_os='windows'), 'Traceback (most recent call last):\n  File "C:\\Program Files (x86)\\wapt\\common.py", line 5471, in install\n    raise EWaptDownloadError(\'Package file %s not downloaded properly.\' % p.filename)\nwaptpackage.EWaptDownloadError: Package file ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt not downloaded properly.\n']]
Thank you for your help.

Debian Linux Server (2.6)
Secondary Linux Debian (2.6) repositories (secondary-srv)
Console installed on server 2022

Re: Secondary deposit certificate problem since update 2.6

Published: February 7, 2025 - 11:16 AM
by dcardon
Hi Farid,

it seems the secondary repository is configured for HTTPS, but the certificate isn't being recognized. If you have an internal CA, could you add HTTPS certificates that are recognized by the agents? To test, could you configure your remote repository for HTTP instead of HTTPS? (From a security standpoint, the agent validates all downloads at the signature level, so having the secondary repositories in HTTP isn't a major issue.)

Regards,

Denis

Re: Secondary deposit certificate problem since update 2.6

Published: February 7, 2025 - 11:30 AM
by djfb1
Hi Denis,

Yes, it works over HTTP.
We don't use an internal CA.

I'll leave it as is.

Thanks.

Re: Secondary deposit certificate problem since update 2.6

Published: February 7, 2025 - 11:40 AM
by dcardon
Hi again Farid,

thanks for the feedback, :-) I'm marking the topic as RESOLVED.

Denis
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru