FAQ WAPT 2.5 : Answers to your questions
WAPT 2.5 has been available for several months now. In this specific FAQ, you’ll find 10 of the most frequently asked questions and comments.
I have a problem with the signature certificate
If you receive the error: EWaptCertificateUntrustedIssuer (‘Issuer CA certificate CN=blemoigne,C=FR can not be found in supplied bundle’), check that the bundle signing certificate is actually located in the C:\Program Files (x86)\wapt\ssl directory.
My Windows Update is not working properly
When the WUA feature is put into action, Windows Update disables itself.
When WAPTWUA is enabled, it is the WAPT agent that manages Windows Update service starts.
I want to generate a certificate
The certificate must be generated to sign the private key.
- Add the certificate name, as well as the key password.
- Don’t forget, it’s essential to protect your key.
- When updating the WAPT console, if you have already defined and deployed a certificate on your fleet of computers,you must select the currently defined certificate. You must not create a new certificate.
To do this, follow these steps: https://www.wapt.fr/fr/doc/wapt-configuration.html#private-key-wapt-private-pem
I have a problem verifying the https certificate on secondary repositories
- If verify_cert=1, you must have a PKI specific to your organisation and the certification authority must be deployed on the machine certificate shops or a commercial certificate.
- If verify_cert=cheminducertificat, the certificates for the server and all the repositories must be in the same file.
I can't download certain packages from the store
Some packages have limited access to WAPT Enterprise licences. This is the case even if you have a trial license.
If you have an Enterprise license, feel free to follow the procedure as follows: https://www.wapt.fr/fr/doc/wapt-console-usage.html#downloading-a-restricted-package-version-from-your-repository
Which identifiers for OS deployment?
When OS is deployed, you will be asked for identifiers. We must be vigilant on certain points:
- Having an account that has an ACL (admin);
- Disabling authentication: you need to change the parameter login_on_wads = False in the file waptserver.ini and restart the service waptserver.
I have a Kerberos certificate problem
If the error SSL_CERTIFICATE_VERIFICATION_FAILED appears in the logs, the machine was not registered correctly and the server has not issued a certificate from its CA to the agent.
This is probably due to faulty Kerberos authentication. Please check.
My package does not appear on my private repository
In order for a package to appear in Private Repository, you must check that the certificate that signed the package is in the ‘authorized package certificates’ directory.
I'm upgrading my WAPT version. What should I do?
After upgrade to 2.5, the agents are disconnected in the console.
The task of upgrading the WAPT Agent can take up to 2 hours. It is also necessary for the workstations to be switched on and for the wapt upgrade package to be in dependency either directly with the machines, or from a domain.
I have a problem with the certificate that signs the WAPT Store packages
- When you first import the package from our public store, a window with a warning message appears on your screen. You can click on ‘trust’. Subsequent times the message will no longer appear for the installation of the same package.
- There may also be an error message that occurs in the WAPT console. In this case, the problem comes from the lack of a path to the trusted certificate. Simply select the C:\Program Files (x86)\wapt\trusted_external_certs directory in the repository settings.
Posts don’t come up correctly in my console
- I change version and upgrade to version 2.5, agents are automatically disconnected my console. The WAPT Agent upgrade task can take up to 2 hours. Think, that it is necessary that the stations are switched on and that the package WAPT upgrade is in dependence or in direct with the machines or of a domain.
3 questions to ask:
- Is the agent’s WAPT Service up and running?
- Check the machine’s certificate present in the directory C:\Program Files (x86)\wapt\private\machineuuid.crt, by double clicking on this file you must check the ‘issued by’ field. If the certificate is self-signed (issued by itself), the agent has not been registered on the server.
- It is also necessary to check the type of authentication to choose according to your infrastructure.
Your question is not in this FAQ?
- Consult our discord: https://discord.com/invite/BSqGacB
- Read our technical documentation : documentation
Are you interested in version 2.5.5?
Do not hesitate to contact the sales department.
Tranquil IT and Cyberwatch interface to detect and correct vulnerabilities in Linux, Windows and MacOS environments
Tranquil IT and Cyberwatch: How to detect and correct vulnerabilities in Linux, Windows and MacOS.
France 2030: Hexagone
The birth of the projectThe French government launched France 2030 in 2021, a project to accelerate the transformation of "key sectors of the...
WAPT 2.5.2 released: What features does it offer?
After several months of development, version 2.5.2 of WAPT is now available. We wanted to deliver a version that improved the security and performance of WAPT. We’ve used 2.5.2 to add some new features and clean up the code.