Brand Logo
Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
close
  • Community Home
  • Forums
    • By Topic
    • By Topic
      EcoStruxure Building
      • Field Devices Forum
      • SmartConnector Forum
      EcoStruxure Power & Grid
      • Gateways and Energy Servers
      • Metering & Power Quality
      APC UPS, Critical Power, Cooling and Racks
      • APC UPS Data Center & Enterprise Solutions Forum
      • APC UPS for Home and Office Forum
      EcoStruxure IT
      • EcoStruxure IT forum
      Remote Operations
      • EcoStruxure Geo SCADA Expert Forum
      • Remote Operations Forum
      Industrial Automation
      • Alliance System Integrators Forum
      • AVEVA Plant SCADA Forum
      • CPG Expert Forum DACH
      • EcoStruxure Automation Expert / IEC 61499 Forum
      • Fabrika ve Makina Otomasyonu Çözümleri
      • Harmony Control Customization Forum
      • Industrial Edge Computing Forum
      • Industry Automation and Control Forum
      • Korea Industrial Automation Forum
      • Machine Automation Forum
      • Modicon PAC Forum
      • PLC Club Indonesia
      Schneider Electric Wiser
      • Schneider Electric Wiser Forum
      Power Distribution IEC
      • Eldistribution & Fastighetsautomation
      • Elektrik Tasarım Dağıtım ve Uygulama Çözümleri
      • Paneelbouw & Energie Distributie
      • Power Distribution and Digital
      • Solutions for Motor Management
      • Specifiers Club ZA Forum
      • Електропроектанти България
      Power Distribution NEMA
      • Power Monitoring and Energy Automation NAM
      Power Distribution Software
      • EcoStruxure Power Design Forum
      • LayoutFAST User Group Forum
      Light and Room Control
      • SpaceLogic C-Bus Forum
      Solutions for your Business
      • Solutions for your Business Forum
      Support
      • Ask the Community
  • Knowledge Center
    • Building Automation Knowledge Base
    • Geo SCADA Knowledge Base
    • Industrial Automation How-to videos
    • Digital E-books
    • Success Stories Corner
  • Events & Webinars
    • All Events
    • Innovation Talks
    • Innovation Summit
    • Let's Exchange Series
    • Partner Success
    • Process Automation Talks
    • Technology Partners
  • Ideas
    • EcoStruxure Building
      • EcoStruxure Building Advisor Ideas
      Remote Operations
      • EcoStruxure Geo SCADA Expert Ideas
      • Remote Operations Devices Ideas
      Industrial Automation
      • Modicon Ideas & new features
  • Blogs
    • By Topic
    • By Topic
      EcoStruxure Power & Grid
      • Backstage Access Resources
      Remote Operations
      • Remote Operations Blog
      Industrial Automation
      • Industrie du Futur France
      • Industry 4.0 Blog
      Power Distribution NEMA
      • NEMA Power Foundations Blog
      Light and Room Control
      • KNX Blog
      Knowledge Center
      • Digital E-books
      • Geo SCADA Knowledge Base
      • Industrial Automation How-to videos
      • Success Stories Corner

Bulk / Command Line Options for Generating CSRs and Certificates for UPS Network Management Cards?

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Communities
  • APC UPS, Critical Power, Cooling and Racks
  • APC UPS Data Center & Enterprise Solutions Forum
  • Bulk / Command Line Options for Generating CSRs and Certificates for UPS Network Management Cards?
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
BillP
Administrator BillP Administrator
5022
voidstar_apc
Janeway voidstar_apc
195
Erasmus_apc
Sisko Erasmus_apc
111
TheNotoriousKMP_apc
Sisko TheNotoriousKMP_apc
108
View All
Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to APC UPS Data Center & Enterprise Solutions Forum
Solved
netadmin_at_princessauto.com_apc
Ensign netadmin_at_princessauto.com_apc
Ensign

Posted: ‎2021-07-01 05:05 AM

0 Likes
25
1198
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:05 AM

Bulk / Command Line Options for Generating CSRs and Certificates for UPS Network Management Cards?

This was originally posted on APC forums on 1/13/2014


In order to secure web traffic to our UPS units we would like to use HTTPS. As we have a corporate Microsoft PKI, we would like to issue our own certificates instead of using self-signed ones.

Via the NMC Security Wizard application we are able to generate CSRs for the UPS network management cards that we have inserted into our Smart UPS units. By submitting these against the default "WebServer" Microsoft PKI certificate template, we can use our corporately-issued certificates with the UPS NMCs. The problem is that this is a very manual process. If we only had a couple of networked UPS units then it wouldn't be that big a deal, but we have many UPS units deployed to many locations.

How can we automate the CSR creation process? It would not be difficult to create a CSV containing the information for each CSR. Once CSRs and key files were output we could bulk submit to our corporate PKI via command line tools.

How can we also then automate the final import of the PKI-issued certificates into the Security Wizard? Again, it would not be hard to make a CSV with the relevant fields populated, but the application would need to support bulk processing via CSV or another method.

Uploading the final "Security Wizard-processed" certificate to the UPS NMC is always going to be a manual process, but we could at least live with that if we didn't have 3x the tedium by manually creating the CSRs and later manually importing the issued certificates into the Security Wizard.

The Microsoft default "WebServer" template is only good for 2 years and the NMCs don't appear to like custom web server templates from what we've actually witnessed and also from people's accounts on the internet. We're therefore going to be stuck doing this every 2 years, so the more automated a process it could be, the better.

Please advise if it is possible to bulk issue CSRs and process the resulting issued certificates, and if not, when that feature will be available. It would also be very useful for APC to supply Microsoft PKI template guidelines for that end users / companies could use create their own templates supporting expiration dates further than only 2 years out. Any attempt to use a custom web server template seems to result in an error "-32" failure when doing the signed certificate import into the security wizard application. The current error message does not help isolate what issues the security wizard has with the custom template-issued certificate, so it is not possible to fix any problems in order to create a valid custom web server template.

Labels
  • Labels:
  • UPS Management Devices & PowerChute Software
Reply
Share
  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
miochum_apc
Crewman miochum_apc
Crewman

Posted: ‎2021-07-01 05:07 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:07 AM

This was originally posted on APC forums on 11/5/2020


Are these tools still available. We have over 600 devices that we need to push wild card certificates to which would be a time consuming task. 

See Answer In Context

Reply
Share
Replies 25
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:05 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:05 AM

This reply was originally posted by Angela on APC forums on 10/24/2014


We can provide a tool, that is not public, to generate wildcard certificates. It also provides a utility to push this out via FTP.

I looked up your case and had created a knowledge base for one issue you encountered: http://www.schneider-electric.com/support/index?page=content&country=US〈=en&locale=en_US&id=FA235654

If wild card certificates (the generic certificates) are OK, I will direct message you on here a link to download those tools via Box to see if they will work for you.

Reply
Share
vasoldier_apc
vasoldier_apc
Cadet

Posted: ‎2021-07-01 05:05 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:05 AM

This was originally posted on APC forums on 10/24/2014


Read the FA176542 good work, spent many hours on that problem.

Yes could you send me the link. Thanks.

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:05 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:05 AM

This reply was originally posted by Angela on APC forums on 10/27/2014


OK, I sent it, let me know if you don't see it in your direct messages on here.

Reply
Share
netadmin_at_princessauto.com_apc
Ensign netadmin_at_princessauto.com_apc
Ensign

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 1/13/2014


In order to secure web traffic to our UPS units we would like to use HTTPS. As we have a corporate Microsoft PKI, we would like to issue our own certificates instead of using self-signed ones.

Via the NMC Security Wizard application we are able to generate CSRs for the UPS network management cards that we have inserted into our Smart UPS units. By submitting these against the default "WebServer" Microsoft PKI certificate template, we can use our corporately-issued certificates with the UPS NMCs. The problem is that this is a very manual process. If we only had a couple of networked UPS units then it wouldn't be that big a deal, but we have many UPS units deployed to many locations.

How can we automate the CSR creation process? It would not be difficult to create a CSV containing the information for each CSR. Once CSRs and key files were output we could bulk submit to our corporate PKI via command line tools.

How can we also then automate the final import of the PKI-issued certificates into the Security Wizard? Again, it would not be hard to make a CSV with the relevant fields populated, but the application would need to support bulk processing via CSV or another method.

Uploading the final "Security Wizard-processed" certificate to the UPS NMC is always going to be a manual process, but we could at least live with that if we didn't have 3x the tedium by manually creating the CSRs and later manually importing the issued certificates into the Security Wizard.

The Microsoft default "WebServer" template is only good for 2 years and the NMCs don't appear to like custom web server templates from what we've actually witnessed and also from people's accounts on the internet. We're therefore going to be stuck doing this every 2 years, so the more automated a process it could be, the better.

Please advise if it is possible to bulk issue CSRs and process the resulting issued certificates, and if not, when that feature will be available. It would also be very useful for APC to supply Microsoft PKI template guidelines for that end users / companies could use create their own templates supporting expiration dates further than only 2 years out. Any attempt to use a custom web server template seems to result in an error "-32" failure when doing the signed certificate import into the security wizard application. The current error message does not help isolate what issues the security wizard has with the custom template-issued certificate, so it is not possible to fix any problems in order to create a valid custom web server template.

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 1/13/2014


I will contact you via direct message if that's OK. We have some tools available that we made available for another issue outlined in the knowledge base (Network Management Card 1 (NMC1) Information Bulletin: Effects of Microsoft Windows Critical Update ...)(that are not publicly released yet) and I think they may solve your issue. They should be provided publicly at some point but they just have not gone through an official release process.

What we can offer is the ability to use wild card certificates (if accepted within your organization even though not technically a "great" option) and a tool in order to "mass push" certs to devices.

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 4/24/2014


Yes, I will send the link to you via Direct Message here.

Reply
Share
agrech88_apc
Crewman agrech88_apc
Crewman

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 4/29/2014


Thanks Angela,

When I use the tool to create a wild card certificate I keep receiving this message.

I have checked and both my RA and CSR are using *my.domain as the CN. I'm using EJBCA to generate the signed cert.

Invalid Certificate CN.

  Expected: *.my.domain

  Actual: 0 Ÿ0   *†H†ý

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 4/29/2014


So are you essentially trying to issue a self signed certificate almost? Like issued by *.mydomain.com to *.mydomain.com (because I don't think that will be allowed)?

If not, I am not sure I am understanding and was wondering if you could provide a screenshot so I could understand better.

Reply
Share
agrech88_apc
Crewman agrech88_apc
Crewman

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 4/29/2014


Thanks for the Reply,

So the DNS to my PDU is ef-dc-pdu1.mydomain.com

1. Within the security tool I select create CSR request I then entering *.mydomain.com as the common name.

2. Then in EJBCA I create an RA request using the common name *.mydomain.com

3. Within EJBCA I sign the certificate which generates a PEM file

4.I use openssl to convert the PEM file to cer\crt

5.I open the security tool to import my signed certificate and choose my original key file

6. When the tool tries combine files I get the error

  Expected: *.my.domain

  Actual: 0 Ÿ0   *†H†ý

Note this same process works fine when I don't use a wildcard and just have ef-dc-pdu1.mydomain.com as the common name.

Perhaps the wildcard should be in a subject alternative name?

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 4/29/2014


Can you give me the exact screenshot from step #6? I've never seen that before and you're saying it comes from the APC security wizard?

Also, so I can make sure we're on the same page, EJBCA is your certificate authority and what is "RA?"

Reply
Share
agrech88_apc
Crewman agrech88_apc
Crewman

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 4/30/2014


2348_Untitled.png

Subject of my CER file - CN = *.mgt.wotifgroup.com

EJBCA = Open Source PKI Certificate Authority

RA = Registration Authority

"A registration authority (RA) is an authority in a network that verifies user requests for adigital certificateand tells the certificate authority (CA) to issue it."

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 4/30/2014


Thank you for the extra detail! I see now.

I don't think you're doing anything wrong. If anything, I think there is a problem perhaps during the conversion or something in the wizard. I assume your CA only offers PEM output and that is why you are using OpenSSL to convert it to .cer/crt which is accepted by the wizard?

Just curious if you can get this to work properly if you use a CA made by the wizard too, just as a test?

Then I go back to the fact that said if you use the CN of your actual PDU (ef-dc-pdu1.mydomain.com), it works fine...

Reply
Share
agrech88_apc
Crewman agrech88_apc
Crewman

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1194
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 4/24/2014


HI Angela,

Could you also send this tool to me? I have 25 PDUs to create CSR and certificates for.

Thanks Heaps

Reply
Share
kurtr_apc
Crewman kurtr_apc
Crewman

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 6/29/2015


Hey Angela,

I need to deploy certs to like a 100 UPS`s, is this tool still availible?

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 6/29/2015


Yes, I can message a download link to you if you add me as a friend.

Reply
Share
Benji_apc
Ensign Benji_apc
Ensign

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 9/10/2015


Hi Angela,

could you send me a copy of these two tools please as well?
Greatly appreciated!
(I can't access your profile because it is private)

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 9/11/2015


Hi Benjamin,

Yes, I'll send you a download link. My profile is private since I have recently moved to a new role within Schneider and am not spending as much time on this site as part of my daily duties.

Reply
Share
bang_apc
bang_apc
Cadet

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 10/16/2015


Hi, Angela. We need update SSL certificates on 500+ APC NMC (AP961X and AP963X). Could you send me link to your utilities for bulk generate and upload SSL certificates? Thank you!

Reply
Share
coryj_apc
coryj_apc
Cadet

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This was originally posted on APC forums on 1/27/2016


We have a couple dozen NMCs with more on the way.  This tool would be very handy.

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:06 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:06 AM

This reply was originally posted by Angela on APC forums on 1/28/2016


Hi Cory,

You can obtain these tools from tech support via/phone or email. As mentioned above we can give a special APC Security Wizard tool versopn to make wild card certificates and a tool to mass push SSL certs via FTP.

Reply
Share
bozserz_apc
bozserz_apc
Cadet

Posted: ‎2021-07-01 05:07 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:07 AM

This was originally posted on APC forums on 3/14/2017


Hello,

can You please also let me have this tool?

It seems, that it works properly with our old firmware NMC-s (AP9630/9631 with sumx version 6.2.0).

However it seems, that the exact same certificate (created by the instructions on mikeshellenberg.wordpress.org) that was working properly with this 6.2.1 is invalid with version v6.4.6. So in the future I think either the configuratino wizzard has to be modified, or the best would be to issue the request (csr) from the firmware, and have the .cer file imported?

Thanks and best regards

Zoltan

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 05:07 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:07 AM

This reply was originally posted by Angela on APC forums on 3/15/2017


Hi,

Based on what you're describing, I do not think the tools we have will help unfortunately. We have a tool that allows a user to create a wild card certificate so if you do want to do that to work around the issue you're explaining with your existing certificate and use a wild card SSL certificate instead, then yes, we can provide it.

The issue of the certificate working on 6.2.1 and not working with 6.4.6 though is likely something due to the crypt library upgrade we did on the firmware. Are you using a Microsoft CA to issue these? We have identified a few issues relating to Microsoft issued certificates that either provides a -32 error on security wizard or causes the certificate to get rejected by theNMC itself after the .cer is imported. The special tools we can provide will not fix this problem and we are in the middle of making other updates and fixes that will address it. Part of what I explained is here -> http://www.apc.com/us/en/faqs/FA285378

There are limitations to the methods we can provide customers to create and import SSL certificates based on the inner workings of the crypt library unfortunately. These limitations won't allow for what you said about creating a .csr from the firmware and importing into .cer format. Believe me, I wish it was that easy smile

So, if you can clarify what you are going to need the tools mentioned here for, then we can decide if they are likely to help you or not and decide how to move forward.

Reply
Share
jpriko_apc
jpriko_apc
Cadet

Posted: ‎2021-07-01 05:07 AM

0 Likes
0
1196
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:07 AM

This was originally posted on APC forums on 4/17/2018


Any chance you could send the tool over my way, need to push out a number of certs to a new office build.

Thanks!

Josh

Reply
Share
phorne_apc
phorne_apc
Cadet

Posted: ‎2021-07-01 05:07 AM

0 Likes
0
1194
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:07 AM

This was originally posted on APC forums on 3/30/2020


For those of you trying to generate APC certificates with Active Directory Certificate Services, you must use the Web Server template. The principal drawback to this template is that it is limited to 2 years and the template cannot be edited through the management tool. Duplicating the template and regenerating the APC certificate will invoke the dreaded -32 error. After spending two days trying to find a work around, I found a simple way to edit the lifespan. Assuming that you are using AD integrated Enterprise CA, do the following:

1. Using ADSI Edit, Navigate to CN=Services,CN=Public Key Services,CN=Certificate Templates,CN=Configuration,DC={your domain|,DC=com

2. In CN=Web Server, edit pKIExpirationPeriod property. It is in 64 bit FILETIME format. The easiest way to calculate your expiration period is to set it on a modifiable template and then just copy that one over to the Web Server property. In my case, I wanted 10 years which is 00 80 3C 48 D1 CB F4 FF

3. Regenerate your APC certificate and it will have the new expiration date.

I hope this helps. I did not want to have to regenerate a ton of certificates in 2 years.

Reply
Share
miochum_apc
Crewman miochum_apc
Crewman

Posted: ‎2021-07-01 05:07 AM

0 Likes
0
1197
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-07-01 05:07 AM

This was originally posted on APC forums on 11/5/2020


Are these tools still available. We have over 600 devices that we need to push wild card certificates to which would be a time consuming task. 

Reply
Share
Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

Additional options
You do not have permission to remove this product association.
 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this forum after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account?Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2023 Schneider Electric, Inc