Hello everyone,
I'm reaching out to the community for advice: what is the recommended procedure when a WAPT administrator leaves the company, particularly regarding their certificate?
Currently, we're leaving all the certificates deployed for fear of issues with anything signed using them.
This doesn't seem ideal. Is there a better way?
Thank you.
Best regards.
Managing outdated administrator certificates
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Hello,
it's quite simple.
If you delete the certificate of the departing admin, then someone else must take over responsibility for the package and therefore re-sign it.
Console -> right-click on a package -> resign packages
it's quite simple.
If you delete the certificate of the departing admin, then someone else must take over responsibility for the package and therefore re-sign it.
Console -> right-click on a package -> resign packages
Thank you!
So, in detail:
- we resign each package (in each installed version) from the departing administrator
- we deactivate their WAPT account
- we remove the outdated certificate from the certificate deployment package
- we delete the outdated certificate package from each client.
Is that correct?
I just tested "Console -> right-click on a package -> resign packages" on one of our packages. This created a "clone" of the package with my name, but the one signed by the former admin still exists, and it's still that package that clients see as installed.
Thank you.
So, in detail:
- we resign each package (in each installed version) from the departing administrator
- we deactivate their WAPT account
- we remove the outdated certificate from the certificate deployment package
- we delete the outdated certificate package from each client.
Is that correct?
I just tested "Console -> right-click on a package -> resign packages" on one of our packages. This created a "clone" of the package with my name, but the one signed by the former admin still exists, and it's still that package that clients see as installed.
Thank you.
