Tranquil IT Forum

Hello,

I'm a fairly new user and I'm having a recurring problem.
I regularly get errors when launching tasks, as indicated in the title. For example:

"Exception: Package file c:\wapt\cache\prefix-package-name.wapt signature is invalid."

The problem is that two days prior, on the same machine, there were no issues.
I haven't regenerated a certificate in the meantime, the agent and server versions match, and the .crt files (I have two administration machines) are present on the client.

Editing the package and re-building/uploading it seems to work, but with a software suite of several gigabytes (or even tens of gigabytes), I'm wasting a lot of time...

Is it possible to resign the packages from the server (Linux) or is there another technique that would prevent me from having to download/upload the packages every time this happens?

Thank you for your help.

Hello,

in the upcoming version 1.5, there is indeed a script that allows you to re-sign all packages in bulk.

In your case, according to the message, there does seem to be a certificate error in the package.

Are you using the same key on both administration machines?

Recently, with the arrival of the new features, many people have confused the package signing key with the machine key.

Please note, you must use the *.pem file located in c:\private and not the key located in c:\wapt\private\!

Hello,

thank you for your quick reply.
However, I'm not sure I set up WAPT correctly...

On each administration machine, I generated a certificate.
I then pasted the generated .crt file into the c:\wapt\ssl folder on all machines, including the administration machine.

This seemed to solve my problem temporarily (I was getting a "private key does not exist" message on one of the two admin machines), but if I understand your reply correctly, this isn't the right way to do it.

Does this mean there can't be multiple signers?

Thank you and have a good day.

Hello,

your method also works. There can be multiple signers.
However, the machine on which you deploy your packages must have the various certificates.

Hello,

so the problem isn't there; the .crt files are copied to the clients every time they start up.

To get back to my first question, you're confirming that version 1.3 doesn't offer the option to sign packages directly from the server?

Even if it has to be done individually, it would still save me time on downloading and uploading.