<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    SI la vérification du certificat est activée. effectivement, ce
    n'est plus le même certificat ni clé privée, <br>
    donc il faut lors de la construction de l'agent personnalisé
    récupérer le nouveau certificat serveur <br>
    (vous pouvez le faire depuis le dialogue avec un clic droit sur la
    zone Chemin vers le bundle de CA serveurs https :<br>
    <br>
    <img src="cid:part1.D2353AC4.453CF0F8@tranquil.it" alt=""><br>
    <br>
    <br>
    <div class="moz-cite-prefix">Le 04/04/2019 à 14:59, Frederic
      Garesche a écrit :<br>
    </div>
    <blockquote type="cite"
      cite="mid:351958501.223577.1554382763685.JavaMail.zimbra@insa-rennes.fr">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div style="font-family: Andale Mono; font-size: 12pt; color:
        #000000">
        <div>Bonjour,<br>
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>J'ai fait la modification mais j'ai un problème. Maintenant
          les anciens agents ne dialogue plus. J'ai l'erreur :
          certificate check failed<br data-mce-bogus="1">
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>Que faire ?<br data-mce-bogus="1">
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>Cordialement,<br data-mce-bogus="1">
        </div>
        <div><br>
        </div>
        <div data-marker="__SIG_PRE__">
          <div>
            <div style="color: #5e5e5d; font-size: 13px; font-family:
              arial;"><b><span style="color: #333333;">Frédéric GARESCHÉ</span><br>
              </b></div>
            <div style="color: #5e5e5d; font-size: 13px; font-family:
              arial;"><span style="color: #808080;"><b>Équipe Assistance
                  et Exploitation<br>
                </b></span></div>
            <div style="color: #5e5e5d; font-size: 13px; font-family:
              arial;"><span style="color: #808080;"><b>Direction du
                  Système d'Information (D.S.I)</b></span></div>
            <div style="color: #5e5e5d; font-size: 13px; font-family:
              arial;"><span style="color: #808080;"><b>Correspondant
                  Département EII et laboratoire IETR<br>
                </b>Tél. : +33 (0)2 23 2<strong>3 82 81</strong></span></div>
            <div style="color: #5e5e5d; font-size: 13px; font-family:
              arial;">
              <div><span style="color: #808080;">20 avenue des Buttes de
                  Coësmes</span><br>
                <span style="color: #808080;">CS 70839 - 35 708 RENNES
                  Cedex 7</span></div>
            </div>
            <div style="color: #5e5e5d; font-size: 13px; font-family:
              arial;"><span style="color: #808080;"></span><br>
            </div>
            <a href="https://www.insa-rennes.fr" target="_blank"
              moz-do-not-send="true"><img
src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg"
                alt=""
data-mce-src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg"
                moz-do-not-send="true"></a><br>
          </div>
        </div>
        <div><br>
        </div>
        <hr id="zwchr" data-marker="__DIVIDER__">
        <div data-marker="__HEADERS__"><b>De: </b>"Hubert TOUVET"
          <a class="moz-txt-link-rfc2396E" href="mailto:htouvet@tranquil.it"><htouvet@tranquil.it></a><br>
          <b>À: </b>"wapt" <a class="moz-txt-link-rfc2396E" href="mailto:wapt@lists.tranquil.it"><wapt@lists.tranquil.it></a><br>
          <b>Envoyé: </b>Mercredi 3 Avril 2019 18:38:34<br>
          <b>Objet: </b>Re: [Wapt]  warning no `subjectAltName`
          certificat lors de la création de paquets wapt 1.7.4<br>
        </div>
        <div><br>
        </div>
        <div data-marker="__QUOTED_TEXT__">le build 5998  hash(3fe6476d)
          en nightly corrige ce problème.<br>
          <br>
          il faut effacer  les clé et certificat du nginx avant de
          lancer le postconf.sh <br>
          <tt><br>
          </tt><tt>cd</tt><tt><br>
          </tt><tt>rm tis-waptserver*.deb tis-waptsetup*.deb </tt><tt><br>
          </tt><tt>wget
            <a class="moz-txt-link-freetext"
href="https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptserver-1.7.4.0-tisdeb9-5998-3fe6476d.deb"
              target="_blank" moz-do-not-send="true">https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptserver-1.7.4.0-tisdeb9-5998-3fe6476d.deb</a></tt><tt><br>
          </tt><tt>wget
            <a class="moz-txt-link-freetext"
href="https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptsetup-1.7.4.0-tisdeb9-5998-3fe6476d.deb"
              target="_blank" moz-do-not-send="true">https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptsetup-1.7.4.0-tisdeb9-5998-3fe6476d.deb</a></tt><tt><br>
          </tt><tt> dpkg -i tis-waptserver*.deb</tt><tt><br>
          </tt><tt> dpkg -i tis-waptsetup*.deb</tt><tt><br>
          </tt><tt>rm /opt/wapt/waptserver/ssl/*.pem</tt><tt><br>
          </tt><tt>/opt/wapt/waptserver/scripts/postconf.sh</tt><tt><br>
          </tt><tt><br>
          </tt><tt># verif</tt><tt><br>
          </tt><tt>openssl x509 -in /opt/wapt/waptserver/ssl/cert.pem
            -text -noout</tt><br>
          <br>
          <br>
          <br>
          <div class="moz-cite-prefix">Le 03/04/2019 à 11:49, Hubert
            TOUVET a écrit :<br>
          </div>
          <blockquote
            cite="mid:0bf802af-e30d-ca7b-b5f0-652470774757@tranquil.it">
            Effectivement, dans le posconf serveur linux, le certificat
            n'a pas de subjectAltName.<br>
            Vous pouvez recréer la clé et le certificat pour le nginx
            sur le serveur avec la commande (une seule ligne !) : <br>
            <br>
            <tt>openssl req -new -x509 -newkey rsa:2048 -nodes -days
              3650 -out /opt/wapt/waptserver/ssl/cert.pem -keyout
              /opt/wapt/waptserver/ssl/key.pem -subj
              /C=FR/ST=Wapt/L=Wapt/O=Wapt/CN=wapt2.insa-rennes.fr
              -reqexts SAN -extensions SAN -config <(cat
              /etc/ssl/openssl.cnf <(printf
              "[SAN]\nsubjectAltName=DNS:wapt2.insa-rennes.fr"))</tt><br>
            <br>
            <br>
            Je corrige le script en conséquence pour les prochaines
            versions...<br>
            <br>
            <br>
            <div class="moz-cite-prefix">Le 02/04/2019 à 09:04, Frederic
              Garesche a écrit :<br>
            </div>
            <blockquote
              cite="mid:972296910.527979.1554188653207.JavaMail.zimbra@insa-rennes.fr">
              <div style="font-family: Andale Mono; font-size: 12pt;
                color: #000000">
                <div>Bonjour,<br>
                </div>
                <div><br>
                </div>
                <div>On a installer un serveur debian 9 avec wapt en
                  1.7.3.11.<br>
                </div>
                <div>Généré le cetificat avec postconf<br>
                </div>
                <div><br>
                </div>
                <div>Et maintenant à chaque construction de paquet, on a
                  :<br>
                </div>
                <div><br>
                </div>
                <div>C:\wapt\lib\site-packages\urllib3\connection.py:362:
                  SubjectAltNameWarning: Certificate for
                  wapt2.insa-rennes.fr has no `subjectAltName`, falling
                  back to check for a `commonName` for now. This feature
                  is being removed by major browsers and deprecated by
                  RFC 2818. (See <a class="moz-txt-link-freetext"
                    href="https://github.com/shazow/urllib3/issues/497"
                    target="_blank" moz-do-not-send="true">https://github.com/shazow/urllib3/issues/497</a>
                  for details.)<br>
                    SubjectAltNameWarning<br>
                </div>
                <div><br>
                </div>
                <div>Comment faire pour ajouter SubjectAltName dans le
                  certificat ?<br>
                </div>
                <div><br>
                </div>
                <div>Cordialement,<br>
                </div>
                <div><br>
                </div>
                <div>
                  <div>
                    <div style="color: #5e5e5d; font-size: 13px;
                      font-family: arial;"><b><span style="color:
                          #333333;">Frédéric GARESCHÉ</span><br>
                      </b></div>
                    <div style="color: #5e5e5d; font-size: 13px;
                      font-family: arial;"><span style="color: #808080;"><b>Équipe
                          Assistance et Exploitation<br>
                        </b></span></div>
                    <div style="color: #5e5e5d; font-size: 13px;
                      font-family: arial;"><span style="color: #808080;"><b>Direction
                          du Système d'Information (D.S.I)</b></span></div>
                    <div style="color: #5e5e5d; font-size: 13px;
                      font-family: arial;"><span style="color: #808080;"><b>Correspondant
                          Département EII et laboratoire IETR<br>
                        </b>Tél. : +33 (0)2 23 2<strong>3 82 81</strong></span></div>
                    <div style="color: #5e5e5d; font-size: 13px;
                      font-family: arial;">
                      <div><span style="color: #808080;">20 avenue des
                          Buttes de Coësmes</span><br>
                        <span style="color: #808080;">CS 70839 - 35 708
                          RENNES Cedex 7</span></div>
                    </div>
                    <div style="color: #5e5e5d; font-size: 13px;
                      font-family: arial;"><span style="color: #808080;"></span><br>
                    </div>
                    <a href="https://www.insa-rennes.fr" target="_blank"
                      moz-do-not-send="true"><img alt=""
data-mce-src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg"
src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg"
                        moz-do-not-send="true"></a><br>
                  </div>
                </div>
              </div>
              <br>
              <fieldset class="mimeAttachmentHeader"></fieldset>
              <pre class="moz-quote-pre">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" target="_blank" moz-do-not-send="true">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" target="_blank" moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
            </blockquote>
            <br>
            <br>
            <fieldset class="mimeAttachmentHeader"></fieldset>
            <pre class="moz-quote-pre">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" target="_blank" moz-do-not-send="true">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" target="_blank" moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
          </blockquote>
          <br>
          <br>
          _______________________________________________<br>
          WAPT mailing list<br>
          <a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it">WAPT@lists.tranquil.it</a><br>
          <a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt">http://lists.tranquil.it/listinfo/wapt</a><br>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>