<html><body><div style="font-family: Andale Mono; font-size: 12pt; color: #000000"><div>Bonjour,<br></div><div><br data-mce-bogus="1"></div><div>J'ai fait la modification mais j'ai un problème. Maintenant les anciens agents ne dialogue plus. J'ai l'erreur : certificate check failed<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>Que faire ?<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>Cordialement,<br data-mce-bogus="1"></div><div><br></div><div data-marker="__SIG_PRE__"><div><div style="color: #5e5e5d; font-size: 13px; font-family: arial;"><b><span style="color: #333333;">Frédéric GARESCHÉ</span><br></b></div><div style="color: #5e5e5d; font-size: 13px; font-family: arial;"><span style="color: #808080;"><b>Équipe Assistance et Exploitation<br></b></span></div><div style="color: #5e5e5d; font-size: 13px; font-family: arial;"><span style="color: #808080;"><b>Direction du Système d'Information (D.S.I)</b></span></div><div style="color: #5e5e5d; font-size: 13px; font-family: arial;"><span style="color: #808080;"><b>Correspondant Département EII et laboratoire IETR<br></b>Tél. : +33 (0)2 23 2<strong>3 82 81</strong></span></div><div style="color: #5e5e5d; font-size: 13px; font-family: arial;"><div><span style="color: #808080;">20 avenue des Buttes de Coësmes</span><br><span style="color: #808080;">CS 70839 - 35 708 RENNES Cedex 7</span></div></div><div style="color: #5e5e5d; font-size: 13px; font-family: arial;"><span style="color: #808080;"></span><br></div><a href="https://www.insa-rennes.fr" target="_blank"><img src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg" alt="" data-mce-src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg"></a><br></div></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>De: </b>"Hubert TOUVET" <htouvet@tranquil.it><br><b>À: </b>"wapt" <wapt@lists.tranquil.it><br><b>Envoyé: </b>Mercredi 3 Avril 2019 18:38:34<br><b>Objet: </b>Re: [Wapt] warning no `subjectAltName` certificat lors de la création de paquets wapt 1.7.4<br></div><div><br></div><div data-marker="__QUOTED_TEXT__">le build 5998 hash(3fe6476d) en nightly corrige ce problème.<br>
<br>
il faut effacer les clé et certificat du nginx avant de lancer le
postconf.sh <br>
<tt><br>
</tt><tt>cd</tt><tt><br>
</tt><tt>rm tis-waptserver*.deb tis-waptsetup*.deb </tt><tt><br>
</tt><tt>wget
<a class="moz-txt-link-freetext" href="https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptserver-1.7.4.0-tisdeb9-5998-3fe6476d.deb" target="_blank">https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptserver-1.7.4.0-tisdeb9-5998-3fe6476d.deb</a></tt><tt><br>
</tt><tt>wget
<a class="moz-txt-link-freetext" href="https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptsetup-1.7.4.0-tisdeb9-5998-3fe6476d.deb" target="_blank">https://wapt.tranquil.it/wapt/nightly/wapt-1.7.4.0-5998-3fe6476d/tis-waptsetup-1.7.4.0-tisdeb9-5998-3fe6476d.deb</a></tt><tt><br>
</tt><tt>
dpkg -i tis-waptserver*.deb</tt><tt><br>
</tt><tt>
dpkg -i tis-waptsetup*.deb</tt><tt><br>
</tt><tt>rm /opt/wapt/waptserver/ssl/*.pem</tt><tt><br>
</tt><tt>/opt/wapt/waptserver/scripts/postconf.sh</tt><tt><br>
</tt><tt><br>
</tt><tt># verif</tt><tt><br>
</tt><tt>openssl x509 -in /opt/wapt/waptserver/ssl/cert.pem -text
-noout</tt><br>
<br>
<br>
<br>
<div class="moz-cite-prefix">Le 03/04/2019 à 11:49, Hubert TOUVET a
écrit :<br>
</div>
<blockquote cite="mid:0bf802af-e30d-ca7b-b5f0-652470774757@tranquil.it">
Effectivement, dans le posconf serveur linux, le certificat n'a
pas de subjectAltName.<br>
Vous pouvez recréer la clé et le certificat pour le nginx sur le
serveur avec la commande (une seule ligne !) : <br>
<br>
<tt>openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 -out
/opt/wapt/waptserver/ssl/cert.pem -keyout
/opt/wapt/waptserver/ssl/key.pem -subj
/C=FR/ST=Wapt/L=Wapt/O=Wapt/CN=wapt2.insa-rennes.fr -reqexts SAN
-extensions SAN -config <(cat /etc/ssl/openssl.cnf
<(printf "[SAN]\nsubjectAltName=DNS:wapt2.insa-rennes.fr"))</tt><br>
<br>
<br>
Je corrige le script en conséquence pour les prochaines
versions...<br>
<br>
<br>
<div class="moz-cite-prefix">Le 02/04/2019 à 09:04, Frederic
Garesche a écrit :<br>
</div>
<blockquote cite="mid:972296910.527979.1554188653207.JavaMail.zimbra@insa-rennes.fr">
<div style="font-family: Andale Mono; font-size: 12pt; color:
#000000">
<div>Bonjour,<br>
</div>
<div><br>
</div>
<div>On a installer un serveur debian 9 avec wapt en 1.7.3.11.<br>
</div>
<div>Généré le cetificat avec postconf<br>
</div>
<div><br>
</div>
<div>Et maintenant à chaque construction de paquet, on a :<br>
</div>
<div><br>
</div>
<div>C:\wapt\lib\site-packages\urllib3\connection.py:362:
SubjectAltNameWarning: Certificate for wapt2.insa-rennes.fr
has no `subjectAltName`, falling back to check for a
`commonName` for now. This feature is being removed by major
browsers and deprecated by RFC 2818. (See <a class="moz-txt-link-freetext" href="https://github.com/shazow/urllib3/issues/497" target="_blank">https://github.com/shazow/urllib3/issues/497</a>
for details.)<br>
SubjectAltNameWarning<br>
</div>
<div><br>
</div>
<div>Comment faire pour ajouter
SubjectAltName dans le
certificat ?<br>
</div>
<div><br>
</div>
<div>Cordialement,<br>
</div>
<div><br>
</div>
<div>
<div>
<div style="color: #5e5e5d; font-size: 13px; font-family:
arial;"><b><span style="color: #333333;">Frédéric
GARESCHÉ</span><br>
</b></div>
<div style="color: #5e5e5d; font-size: 13px; font-family:
arial;"><span style="color: #808080;"><b>Équipe
Assistance et Exploitation<br>
</b></span></div>
<div style="color: #5e5e5d; font-size: 13px; font-family:
arial;"><span style="color: #808080;"><b>Direction du
Système d'Information (D.S.I)</b></span></div>
<div style="color: #5e5e5d; font-size: 13px; font-family:
arial;"><span style="color: #808080;"><b>Correspondant
Département EII et laboratoire IETR<br>
</b>Tél. : +33 (0)2 23 2<strong>3 82 81</strong></span></div>
<div style="color: #5e5e5d; font-size: 13px; font-family:
arial;">
<div><span style="color: #808080;">20 avenue des Buttes
de Coësmes</span><br>
<span style="color: #808080;">CS 70839 - 35 708 RENNES
Cedex 7</span></div>
</div>
<div style="color: #5e5e5d; font-size: 13px; font-family:
arial;"><span style="color: #808080;"></span><br>
</div>
<a href="https://www.insa-rennes.fr" target="_blank"><img alt="" data-mce-src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg" src="http://ressources.insa-rennes.fr/images/logos/logo-INSARennes_mail.jpg"></a><br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" target="_blank">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" target="_blank">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" target="_blank">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" target="_blank">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
</blockquote>
<br>
<br>_______________________________________________<br>WAPT mailing list<br>WAPT@lists.tranquil.it<br>http://lists.tranquil.it/listinfo/wapt<br></div></div></body></html>