Brand Logo
Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
close
  • Community Home
  • Forums
    • By Topic
    • By Topic
      EcoStruxure Building
      • Field Devices Forum
      • SmartConnector Forum
      EcoStruxure Power & Grid
      • Gateways and Energy Servers
      • Metering & Power Quality
      APC UPS, Critical Power, Cooling and Racks
      • APC UPS Data Center & Enterprise Solutions Forum
      • APC UPS for Home and Office Forum
      EcoStruxure IT
      • EcoStruxure IT forum
      Remote Operations
      • EcoStruxure Geo SCADA Expert Forum
      • Remote Operations Forum
      Industrial Automation
      • Alliance System Integrators Forum
      • AVEVA Plant SCADA Forum
      • CPG Expert Forum DACH
      • EcoStruxure Automation Expert / IEC 61499 Forum
      • Fabrika ve Makina Otomasyonu Çözümleri
      • Harmony Control Customization Forum
      • Industrial Edge Computing Forum
      • Industry Automation and Control Forum
      • Korea Industrial Automation Forum
      • Machine Automation Forum
      • Modicon PAC Forum
      • PLC Club Indonesia
      Schneider Electric Wiser
      • Schneider Electric Wiser Forum
      Power Distribution IEC
      • Eldistribution & Fastighetsautomation
      • Elektrik Tasarım Dağıtım ve Uygulama Çözümleri
      • Paneelbouw & Energie Distributie
      • Power Distribution and Digital
      • Solutions for Motor Management
      • Specifiers Club ZA Forum
      • Електропроектанти България
      Power Distribution NEMA
      • Power Monitoring and Energy Automation NAM
      Power Distribution Software
      • EcoStruxure Power Design Forum
      • LayoutFAST User Group Forum
      Light and Room Control
      • SpaceLogic C-Bus Forum
      Solutions for your Business
      • Solutions for your Business Forum
      Support
      • Ask the Community
  • Knowledge Center
    • Building Automation Knowledge Base
    • Geo SCADA Knowledge Base
    • Industrial Automation How-to videos
    • Digital E-books
    • Success Stories Corner
  • Events & Webinars
    • All Events
    • Innovation Talks
    • Innovation Summit
    • Let's Exchange Series
    • Partner Success
    • Process Automation Talks
    • Technology Partners
  • Ideas
    • EcoStruxure Building
      • EcoStruxure Building Advisor Ideas
      Remote Operations
      • EcoStruxure Geo SCADA Expert Ideas
      • Remote Operations Devices Ideas
      Industrial Automation
      • Modicon Ideas & new features
  • Blogs
    • By Topic
    • By Topic
      EcoStruxure Power & Grid
      • Backstage Access Resources
      Remote Operations
      • Remote Operations Blog
      Industrial Automation
      • Industrie du Futur France
      • Industry 4.0 Blog
      Power Distribution NEMA
      • NEMA Power Foundations Blog
      Light and Room Control
      • KNX Blog
      Knowledge Center
      • Digital E-books
      • Geo SCADA Knowledge Base
      • Industrial Automation How-to videos
      • Success Stories Corner

Creating CA signed certificate for NMC2

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Communities
  • APC UPS, Critical Power, Cooling and Racks
  • APC UPS Data Center & Enterprise Solutions Forum
  • Creating CA signed certificate for NMC2
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
BillP
Administrator BillP Administrator
5022
voidstar_apc
Janeway voidstar_apc
195
Erasmus_apc
Sisko Erasmus_apc
111
TheNotoriousKMP_apc
Sisko TheNotoriousKMP_apc
108
View All
Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to APC UPS Data Center & Enterprise Solutions Forum
Solved
cwspeers_apc
cwspeers_apc
Cadet

Posted: ‎2021-06-28 11:25 AM

0 Likes
11
1681
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

Creating CA signed certificate for NMC2

This was originally posted on APC forums on 7/7/2020


I am attempting to create new certificates for our NMC2 modules that are signed by our CA, instead of the self signed certs.

While attempting to use the NMCSecurityWizard CLI v1.0.1 to create new p15 certificates I encounter the following error.

{

NMCSecurityWizardCLI --import -o apc1out -s apc1.cer -p apc1

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

}


I have confirmed that all the file names that are flagged in the above command are correct. It seems to happen no matter what order I put the flags in. I get the same "Bad argument, parameter 3" .

Has anyone seen this error before? If so, any idea how to correct it?

Thanks,

Labels
  • Labels:
  • Smart-UPS & Symmetra LX | RM
Reply
Share
  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Gavan on APC forums on 7/21/2020


Hi Ian,

I've been able to create a certificate with no issue using those exact commands and my lab CA.

Can you try using this slightly older version of security wizard and also disable any real-time or on-access AV or IPS that might be interfering with the wizard. Also confirm that you are using the base64 export from the CA.

https://schneider-electric.box.com/s/b0nbkuzqcc1b8ka0r2sa4xzqljua44vl

-Gavan

See Answer In Context

Reply
Share
Replies 11
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Gavan on APC forums on 7/8/2020


Hi Chris,

This is generally when the SecWiz program doesn't like on of the files that your trying to pass to it, can you follow the steps in the guide below:

https://schneider-electric.box.com/s/wkhf0nwpl40rhmia33hbfuk2j0r7da09

-Gavan

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Ian on APC forums on 7/20/2020


I too am seeing the same error and have followed the PDF guide exactly. I am on a Windows Domain also. My SSL certificate is up for renewal on the 30th. Is there anything else I can try? Or can I get access to the old Wizard (pre CLI)?

R:\Certificates (SSL)\UPS\NMCSecurityWizardCLI>NMCSecurityWizardCLI.exe --import -o upsas -s certnew.cer -p upsa

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

  • Tags:
  • cert
  • ssl
  • wizard
Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Gavan on APC forums on 7/21/2020


Hi Ian,

You can use the old Security Wizard GUI, however Chrome and Chromium based browsers will still show error messages as the old GUI software doesn't fill in a field that they require. 

Could you confirm that you are using an unaltered "Web Server" template with a two year expiry?

Also could you post the exact command used to create the CSR?

-Gavan 

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Ian on APC forums on 7/21/2020


Hi Gavan.

Somehow I was able to get this to work 2 years ago (even with the legacy software). Anyway, I am using a Web Server certificate with a two year validity period.

Request Handling CSPs:

  • Microsoft DH Schannel Cryptographic Provider
  • Microsoft RSA SChannel Cyrptographic Provider

Subject Name:

  • Supplied in the request
  • Type of subject Computer or other device

Extensions:

  • Basic Constraints
  • Certificate Template Name
  • Enhanced Key Usage
  • Key Usage

NMCSecurityWizardCLI.exe --csr -o upsa -c CA -g MFPN -n upsalpha.corp.mfpn.ca -d upsalpha.corp.mfpn.ca -a 10.10.0.50 -e ian@myemail.com

NMCSecurityWizardCLI.exe --import -o upsas -s certnew.cer -p upsa

 

Thanks,

Ian

Attachments
Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1679
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Gavan on APC forums on 7/21/2020


Hi Ian,

I've been able to create a certificate with no issue using those exact commands and my lab CA.

Can you try using this slightly older version of security wizard and also disable any real-time or on-access AV or IPS that might be interfering with the wizard. Also confirm that you are using the base64 export from the CA.

https://schneider-electric.box.com/s/b0nbkuzqcc1b8ka0r2sa4xzqljua44vl

-Gavan

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Ian on APC forums on 7/21/2020


Gavan,

Using the version 1.0.0 it worked first try! It would seem there is something in the newer version which is causing the issue. Thanks for sorting this out for me, and hopefully this helps others having the issue until a fix comes out for the new version.

Cheers,

Ian

Reply
Share
cwspeers_apc
cwspeers_apc
Cadet

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This was originally posted on APC forums on 7/21/2020


Gavan, 
it's a great day when you wake up and have a solution to a several month long issue. 

The older client works like a charm. Suggest you get apc to host it on their download page again because that new one is terrible. 

Thanks for the help!

-Chris

Reply
Share
KevITStuff_apc
KevITStuff_apc
Cadet

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This was originally posted on APC forums on 10/8/2020


Hi Guys, 

I have exactly the same problem on a number of different UPS's here. I can only find version 1.0.1 of the software and this does not work at when i submit to a Microsoft PKI infrastructure. Is the 1.0.0 version of the software available anywhere to download ? 

Reply
Share
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This reply was originally posted by Gavan on APC forums on 10/8/2020


https://schneider-electric.box.com/s/ct021cml940zdj50al4zhocjyczf13v8

-Gavan

Reply
Share
AWDavid_apc
AWDavid_apc
Cadet

Posted: ‎2021-06-28 11:25 AM

0 Likes
0
1678
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-06-28 11:25 AM

This was originally posted on APC forums on 12/24/2020


I'm having trouble uploading the CA cert to the NMC. i have no issues creating the SSL though the wizard and getting though our CA server and uploading it is no problem, but the CA cert that goes under Security > 802.1x > configuration. I'm trying to get the UPS 802.1x compliant. after Upload the CA certificate status remains Unknown.

Reply
Share
PetroR
PetroR
Cadet

Posted: ‎2021-11-10 08:17 AM

0 Likes
0
1503
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
Share

Posted: ‎2021-11-10 08:17 AM

I have been struggling to get a certificate on several UPSs since the old GUI wizard stopped working. I am looking at this again as I have just set up a new UPS and want to add an SSL certificate.

I am using NMCSecurityWizardCLI.exe v1.0.1 and following the directions from the readme that came with it.

I do get a new .p15 file (once I realised that it would try and overwrite the original key in the .p15 unless I gave it a different name), however it also errors and the resulting p15 file is not importable to the UPS

 

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

 

I am using the base 64 download to obtain the .cer file from our local CA

 

I have read in several places that version 1.0.0 works but am unable to find a place to download it and am mystified as to why the version that does not work is all that is available on the downloads pages. This issue seems to have been around long enough

 

Can anyone tell me where to get either a working version of the utility or a working set of instructions? The links in this post did not work for me

Thanks

 

  • Tags:
  • english
Reply
Share
Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

Additional options
You do not have permission to remove this product association.
 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this forum after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account?Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2023 Schneider Electric, Inc