Hello,
we've been using the free version of Wapt for a long time because we don't have the budget, and I thank you for updating the packages on my IT infrastructure.
Now I'd like the schools in my community to also benefit from a local Wapt server in order to create a specific group and access certain users who don't always have the VPN enabled.
Currently, we're using a self-signed, therefore "insecure," certificate via the browser.
Can I retrieve the certificate from the IONOS subdomain and implement it on the Wapt server?
If so, do you have a tutorial to follow?
That way I could follow your final configuration:
https://www.tranquil.it/comment-gerer-d ... avec-wapt/
Thank you in advance.
Wapt server points to external Ionos domain
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
maintenancevla
- Messages: 18
- Registration: March 21, 2018 - 2:30 PM
- Installed WAPT version: 2.6.0.16795
- Server OS: Debian 11
- Administration/package creation machine OS: Windows Server 2019
- Server OS: Debian 11
- Administration/package creation machine OS: Windows Server 2019
-
dcardon
- WAPT Expert
- Messages: 1931
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Maintenance,
Wapt version, OS version, etc. See forum rules above.
Regards,
Denis
Wapt version, OS version, etc. See forum rules above.
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
-
maintenancevla
- Messages: 18
- Registration: March 21, 2018 - 2:30 PM
- Installed WAPT version: 2.6.0.16795
- Server OS: Debian 11
- Administration/package creation machine OS: Windows Server 2019
- Server OS: Debian 11
- Administration/package creation machine OS: Windows Server 2019
- Installed WAPT version: 2.6.0.16795
- Server OS: Debian 11
- Administration/package creation machine OS: Windows Server 2019
- Server OS: Debian 11
- Administration/package creation machine OS: Windows Server 2019
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Why is a signed auto-debit card therefore considered "unsecured"?maintenancevla wrote: ↑March 27, 2025 - 11:03 For the time being we are using a self-signed certificate therefore "not secure" via browser.
If you "pin" the certificate, it's even more secure!
I just advise you to pin the certificate
-
dcardon
- WAPT Expert
- Messages: 1931
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Gilhem,
as Simon mentioned, using a self-signed certificate isn't a problem as long as the certificate is pinned and `verify_cert` is set to 1. However, the "homepage" will appear as insecure in a browser, but this isn't a security bug per se.
From version 2.6 onwards, there's client-side SSL certificate security by default (hence my question about the WAPT version), so there's no problem putting the WAPT server in a DMZ accessible from the internet. However, you must be properly logged in (via Kerberos or login/password).
It's possible to integrate your commercial SSL certificate into the WAPT server, see [1]. That said, you will also need to update the configuration on the existing agents (if the certificate is pinned and `verify_cert=1`), by redeploying the new agent via WAPT (with two servers running in parallel) or via GPO (if the workstations are on a domain).
Regards,
Denis
[1] https://www.wapt.fr/en/doc/wapt-securit ... ganization
as Simon mentioned, using a self-signed certificate isn't a problem as long as the certificate is pinned and `verify_cert` is set to 1. However, the "homepage" will appear as insecure in a browser, but this isn't a security bug per se.
From version 2.6 onwards, there's client-side SSL certificate security by default (hence my question about the WAPT version), so there's no problem putting the WAPT server in a DMZ accessible from the internet. However, you must be properly logged in (via Kerberos or login/password).
It's possible to integrate your commercial SSL certificate into the WAPT server, see [1]. That said, you will also need to update the configuration on the existing agents (if the certificate is pinned and `verify_cert=1`), by redeploying the new agent via WAPT (with two servers running in parallel) or via GPO (if the workstations are on a domain).
Regards,
Denis
[1] https://www.wapt.fr/en/doc/wapt-securit ... ganization
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
