AP7920 SSL Certificate loading issue

BillP · ‎2021-07-12

We are looking to upgrade from old AP7920A PDUs to AP7920B PDUs to use higher security algorithms.

I have a new AP7920B PDU and have being going through configuring it as the older device, but taking advantage of the multiple logins etc.

I have got to the SSL certifcate and am having issues. We generate a csr with the secwiz app, and sign it with our CA and then load the result back onto the PDU. It worked fine on the AP7920A units, but I can not get the same previously working certificate or a newly generated one to load on the AP7920B units, it just sits there when you click Apply, and about five minutes later it goes to Loading Certificate, and just sits there like that, I have waited an hour or so and then rebooted, when the certificate defaults back to internal.

Any ideas how to resolve this gratefully received, I am on the latest firmware release, which, from memory is 6.5.2.

BillP · ‎2021-07-12

Ok, would it be possible for you to send me sample files of what is not working so we can look at this and see if the root cause is the same as with the Microsoft PKI. I need all the files really, the .p15 and .csr the Security Wizard gives you, the signed cert from OpenSSL, and the resulting .p15 you get after importing through the Security Wizard, which is the file you're uploading to the NMC2 in your AP7920B PDU. (The older model uses NMC1.)

And what you said on the other thread, I would be eager to understand the details of what you're having to remove in the files - that meta data you mentioned. I am wondering if you could put a screenshot and detailed explanation of what you're removing so that we on this side could look closely at your files (or a sample file you can generate showing the issue) and then hopefully replicate the problem and go from there. This is the appropriate time for this to happen while we are working on all of this stuff.

I am going to set up a Box folder that you can email privately any details/files/step by step to for us to review.

Here is the email you can send it to: OpenSSL.t1f2qkmwsxanhdiw@u.box.com

Thanks!

See Answer In Context

BillP · ‎2021-07-12

Hello,

Is your CA based on Microsoft PKI/Microsoft Certificate Services? I am assuming so based on your symptoms. If not, let me know what software your CA is based on.

For Microsoft CA, we are working on this right now to come up with a fix. The way too long saga is here: http://forums.apc.com/spaces/7/ups-management-devices-powerchute-software/forums/general/9842/why-do...

..but I think we are very close now to having a fix finally.

BillP · ‎2021-07-12

We host our own CA which is OpenSSl. I have today tried the certificate that will not load on a AP7920A and it loads perfectly.

So the issue is loading the same certificate onto the AP7020B, it just hangs and fails.

So really stuck now.

BillP · ‎2021-07-12

Ok, would it be possible for you to send me sample files of what is not working so we can look at this and see if the root cause is the same as with the Microsoft PKI. I need all the files really, the .p15 and .csr the Security Wizard gives you, the signed cert from OpenSSL, and the resulting .p15 you get after importing through the Security Wizard, which is the file you're uploading to the NMC2 in your AP7920B PDU. (The older model uses NMC1.)

And what you said on the other thread, I would be eager to understand the details of what you're having to remove in the files - that meta data you mentioned. I am wondering if you could put a screenshot and detailed explanation of what you're removing so that we on this side could look closely at your files (or a sample file you can generate showing the issue) and then hopefully replicate the problem and go from there. This is the appropriate time for this to happen while we are working on all of this stuff.

I am going to set up a Box folder that you can email privately any details/files/step by step to for us to review.

Here is the email you can send it to: OpenSSL.t1f2qkmwsxanhdiw@u.box.com

Thanks!