Wazuh agent upgrade failure (Wazuh 4.11.2)
After upgrading to the latest version of Wazuh released with the May 2025 update to the SIEMonster environment, agent upgrades may fail. This is most likely due to an agent version that predates Wazuh 4.7.x, and relates to the certificate used by Wazuh to sign and verify packages, which has expired.
https://github.com/wazuh/wazuh/pull/14842
Errors such as below can be observed


Below are the steps to resolve this.
📘 Windows agents
Download the update certificate file from HERE
Place this file in “C:\Program Files (x86)\ossec-agent\wpk_root.pem”
🔖 NOTE: The existing file is to be replaced directly.
Rerun the update from the web UI by clicking on the 3 dots to the right of the agent name and then clicking “Upgrade”
📘 Linux agents
Download the update certificate file from HERE
Place this file in “/var/ossec/etc/wpk_root.pem”
🔖 NOTE: The existing file is to be replaced directly.
Rerun the update from the web UI by clicking on the 3 dots to the right of the agent name and then clicking “Upgrade”
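The file replacement above can be checked before the upgrade is rerun. The following is an added example, not part of the original article or of Wazuh's tooling: it refuses a replacement file that is not a valid, unexpired certificate, keeps a backup of the old one, and overwrites the existing file in place. It assumes the openssl CLI is installed; the function names are hypothetical, and the default path is the Linux location given above (pass the macOS path as the second argument on macOS).

```bash
#!/bin/sh
# Added example: validate and install a replacement wpk_root.pem on an agent.
# Assumes the openssl CLI is available; all function names are hypothetical.

# Return 0 if the PEM certificate at $1 parses and is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of the certificate at $1 (empty if it cannot be parsed).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# replace_wpk_root NEW_CERT [TARGET]
# Returns 0 = replaced, 1 = new file invalid or expired, 2 = target already
# holds this certificate, 3 = target file missing, 4 = backup failed.
replace_wpk_root() {
    new="$1"
    target="${2:-/var/ossec/etc/wpk_root.pem}"

    [ -f "$target" ] || { echo "missing: $target" >&2; return 3; }

    # Never install a file that is not a parseable, unexpired certificate.
    cert_valid_for "$new" 0 || {
        echo "refusing: $new is not a valid, unexpired certificate" >&2
        return 1
    }

    # Nothing to do if the agent already has this certificate.
    if [ "$(cert_fingerprint "$new")" = "$(cert_fingerprint "$target")" ]; then
        echo "already current: $target"
        return 2
    fi

    # Keep the old certificate so the change can be rolled back.
    cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)" || return 4

    # Overwrite the content in place so the existing owner, group and mode are kept.
    cat "$new" > "$target"
}
```

Run `replace_wpk_root /path/to/downloaded/wpk_root.pem` as root on the agent, then rerun the upgrade from the web UI.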
📘 macOS agents
🔖 Please note that for macOS agents a re-install will be required. There are currently no ARM64-based packages in the WPK upgrade format available from the Wazuh package repositories, and there is no mechanism to build these packages. There is, however, a package for Intel-based systems, which will work if the following is performed.
Download the update certificate file from HERE
Place this file in “/Library/Ossec/etc/wpk_root.pem”
🔖 NOTE: The existing file is to be replaced directly.
Rerun the update from the web UI by clicking on the 3 dots to the right of the agent name and then clicking “Upgrade”
Please refer to the following link for more detail:
https://github.com/wazuh/wazuh-agent/issues/643
All full agent install packages can be downloaded from this URL:
https://documentation.wazuh.com/4.11/installation-guide/packages-list.html