Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Creating CA signed certificate for NMC2

APC UPS Data Center & Enterprise Solutions Forum

Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • APC UPS, Critical Power, Cooling and Racks
  • APC UPS Data Center & Enterprise Solutions Forum
  • Creating CA signed certificate for NMC2
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
BillP
Administrator BillP Administrator
5060
voidstar_apc
Janeway voidstar_apc
196
Erasmus_apc
Sisko Erasmus_apc
112
TheNotoriousKMP_apc
Sisko TheNotoriousKMP_apc
108
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to APC UPS Data Center & Enterprise Solutions Forum
Solved
Anonymous user
Not applicable

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

1 Like
27
6792
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Creating CA signed certificate for NMC2

I am attempting to create new certificates for our NMC2 modules that are signed by our CA, instead of the self signed certs.

While attempting to use the NMCSecurityWizard CLI v1.0.1 to create new p15 certificates I encounter the following error.

{

NMCSecurityWizardCLI --import -o apc1out -s apc1.cer -p apc1

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

}


I have confirmed that all the file names that are flagged in the above command are correct. It seems to happen no matter what order I put the flags in. I get the same "Bad argument, parameter 3" .

Has anyone seen this error before? If so, any idea how to correct it?

Thanks,

Labels
  • Labels:
  • Smart-UPS & Symmetra LX | RM
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
1
6789
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Hi Ian,

I've been able to create a certificate with no issue using those exact commands and my lab CA.

Can you try using this slightly older version of security wizard and also disable any real-time or on-access AV or IPS that might be interfering with the wizard. Also confirm that you are using the base64 export from the CA.

https://schneider-electric.box.com/s/b0nbkuzqcc1b8ka0r2sa4xzqljua44vl

-Gavan

See Answer In Context

Reply

Link copied. Please paste this link to share this article on your social media post.

Replies 27
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6787
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Hi Chris,

This is generally when the SecWiz program doesn't like on of the files that your trying to pass to it, can you follow the steps in the guide below:

https://schneider-electric.box.com/s/wkhf0nwpl40rhmia33hbfuk2j0r7da09

-Gavan

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6787
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

I too am seeing the same error and have followed the PDF guide exactly. I am on a Windows Domain also. My SSL certificate is up for renewal on the 30th. Is there anything else I can try? Or can I get access to the old Wizard (pre CLI)?

R:\Certificates (SSL)\UPS\NMCSecurityWizardCLI>NMCSecurityWizardCLI.exe --import -o upsas -s certnew.cer -p upsa

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

  • Tags:
  • cert
  • ssl
  • wizard
Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6787
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Hi Ian,

You can use the old Security Wizard GUI, however Chrome and Chromium based browsers will still show error messages as the old GUI software doesn't fill in a field that they require. 

Could you confirm that you are using an unaltered "Web Server" template with a two year expiry?

Also could you post the exact command used to create the CSR?

-Gavan 

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6787
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Hi Gavan.

Somehow I was able to get this to work 2 years ago (even with the legacy software). Anyway, I am using a Web Server certificate with a two year validity period.

Request Handling CSPs:

  • Microsoft DH Schannel Cryptographic Provider
  • Microsoft RSA SChannel Cyrptographic Provider

Subject Name:

  • Supplied in the request
  • Type of subject Computer or other device

Extensions:

  • Basic Constraints
  • Certificate Template Name
  • Enhanced Key Usage
  • Key Usage

IzYa0CEUr0D%2FGNgNjtrqZw%3D%3D.pngIzYa0CEUr0D%2FGNgNjtrqZw%3D%3D.png

NMCSecurityWizardCLI.exe --csr -o upsa -c CA -g MFPN -n upsalpha.corp.mfpn.ca -d upsalpha.corp.mfpn.ca -a 10.10.0.50 -e ian@myemail.com

NMCSecurityWizardCLI.exe --import -o upsas -s certnew.cer -p upsa

 

Thanks,

Ian

Attachments
Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
1
6790
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Hi Ian,

I've been able to create a certificate with no issue using those exact commands and my lab CA.

Can you try using this slightly older version of security wizard and also disable any real-time or on-access AV or IPS that might be interfering with the wizard. Also confirm that you are using the base64 export from the CA.

https://schneider-electric.box.com/s/b0nbkuzqcc1b8ka0r2sa4xzqljua44vl

-Gavan

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6787
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Gavan,

Using the version 1.0.0 it worked first try! It would seem there is something in the newer version which is causing the issue. Thanks for sorting this out for me, and hopefully this helps others having the issue until a fix comes out for the new version.

Cheers,

Ian

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6789
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Gavan, 
it's a great day when you wake up and have a solution to a several month long issue. 

The older client works like a charm. Suggest you get apc to host it on their download page again because that new one is terrible. 

Thanks for the help!

-Chris

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6789
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

Hi Guys, 

I have exactly the same problem on a number of different UPS's here. I can only find version 1.0.1 of the software and this does not work at when i submit to a Microsoft PKI infrastructure. Is the 1.0.0 version of the software available anywhere to download ? 

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
1
6789
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

https://schneider-electric.box.com/s/ct021cml940zdj50al4zhocjyczf13v8

-Gavan

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

0 Likes
0
6789
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-28 11:25 AM . Last Modified: ‎2024-03-15 05:40 AM

I'm having trouble uploading the CA cert to the NMC. i have no issues creating the SSL though the wizard and getting though our CA server and uploading it is no problem, but the CA cert that goes under Security > 802.1x > configuration. I'm trying to get the UPS 802.1x compliant. after Upload the CA certificate status remains Unknown.

Reply

Link copied. Please paste this link to share this article on your social media post.

PetroR
PetroR
Cadet

Posted: ‎2021-11-10 08:17 AM

0 Likes
0
6614
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-11-10 08:17 AM

I have been struggling to get a certificate on several UPSs since the old GUI wizard stopped working. I am looking at this again as I have just set up a new UPS and want to add an SSL certificate.

I am using NMCSecurityWizardCLI.exe v1.0.1 and following the directions from the readme that came with it.

I do get a new .p15 file (once I realised that it would try and overwrite the original key in the .p15 unless I gave it a different name), however it also errors and the resulting p15 file is not importable to the UPS

 

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

 

I am using the base 64 download to obtain the .cer file from our local CA

 

I have read in several places that version 1.0.0 works but am unable to find a place to download it and am mystified as to why the version that does not work is all that is available on the downloads pages. This issue seems to have been around long enough

 

Can anyone tell me where to get either a working version of the utility or a working set of instructions? The links in this post did not work for me

Thanks

 

  • Tags:
  • english
Reply

Link copied. Please paste this link to share this article on your social media post.

Rookie36
Crewman Rookie36
Crewman

Posted: ‎2023-06-02 03:32 PM . Last Modified: ‎2023-06-05 01:34 PM

In response to BillP
1 Like
0
4799
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-06-02 03:32 PM . Last Modified: ‎2023-06-05 01:34 PM

Can this link be  reshared I am having the exact same issue trying to import certs by our CA. I am looking for older version of this utility and link is not working anymore

@BillP just tagging so if you can help me with new link for the older version of NMC

Reply

Link copied. Please paste this link to share this article on your social media post.

lloydsmart
lloydsmart
Cadet

Posted: ‎2023-10-06 08:43 AM

0 Likes
0
4002
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-10-06 08:43 AM

Please can this version 1.0.0 be re-shared? I'm having the exact same problem trying to run:

.\NMCSecurityWizardCLI.exe --import -o PROPERCERT -s certnew.cer -p MYCSR

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
   at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
   at NMCSecurityWizardCLI.Program.Main(String[] args)
Reply

Link copied. Please paste this link to share this article on your social media post.

KingDwight
KingDwight
Cadet

Posted: ‎2023-10-11 06:58 AM

In response to BillP
0 Likes
0
3973
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-10-11 06:58 AM

I am seeing "This shared file or folder link has been removed or is unavailable to you." when clicking on the link you provided.  Can you provide a new link to the 1.0.0?

Reply

Link copied. Please paste this link to share this article on your social media post.

CourtKPrin
Crewman CourtKPrin
Crewman

Posted: ‎2023-10-16 03:06 PM

0 Likes
0
3937
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-10-16 03:06 PM

I started a ticket with support to get 1.0.0. It does not do the -3 bad argument exception error like on 1.0.1, but then the UPS gets stuck on "loading certificate..." after uploading the cert. I'm using Windows CA on Windows 2019 and I read it has to do with the RSA.

 

 

Reply

Link copied. Please paste this link to share this article on your social media post.

gustavohellwig
Crewman gustavohellwig
Crewman

Posted: ‎2023-11-14 03:55 AM

0 Likes
0
3778
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-11-14 03:55 AM

Hi. How do I have access to version 1.0.0 or 1.0.4, which in this case works? I can't find that.

Reply

Link copied. Please paste this link to share this article on your social media post.

gustavohellwig
Crewman gustavohellwig
Crewman

Posted: ‎2023-11-14 04:00 AM

0 Likes
2
3778
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-11-14 04:00 AM

Can someone share the link for version 1.0.0 or 1.0.4 or another one that works? Than you.

Reply

Link copied. Please paste this link to share this article on your social media post.

josbot5070
josbot5070
Cadet

Posted: ‎2023-11-14 11:32 AM

0 Likes
0
3763
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-11-14 11:32 AM

I am having this issue and with no way to install the 1.0.0 are we just supposed to use the http? That is not really an acceptable answer

Reply

Link copied. Please paste this link to share this article on your social media post.

CourtKPrin
Crewman CourtKPrin
Crewman

Posted: ‎2023-11-15 06:37 AM

In response to gustavohellwig
0 Likes
1
3739
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-11-15 06:37 AM

Create a ticket to get 1.0.0.

 

I am using Windows 2019 as the CA and its hash algorithm is configured with SHA384 and it doesn't work with 1.0.0.

Reply

Link copied. Please paste this link to share this article on your social media post.

gustavohellwig
Crewman gustavohellwig
Crewman

Posted: ‎2023-11-17 04:54 AM

0 Likes
0
3705
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-11-17 04:54 AM

I did, but no feedback yet. Can you send me a link?

I'll use a LetsEncrypt wildcard cert for all my UPSs.

Reply

Link copied. Please paste this link to share this article on your social media post.

josbot5070
josbot5070
Cadet

Posted: ‎2023-11-17 07:47 AM

In response to CourtKPrin
0 Likes
0
3705
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-11-17 07:47 AM

CourtKPrin are right I had to create a ticket in order to receive NMCSecurityWizard 1.0.0 and that resolved my issue. I now see the results as:

 

NMC Security Wizard Command Line Utility v1.0.0
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------
Certificate's Issuer Information:
Common Name:  <Whatever info you put for this>

Certificate's Subject Information:
Common Name: <Common Name you selected>
Country: US
Valid From: 11/17/2023 (GMT)
Valid To: 11/16/2024 (GMT)

Certificate's General Information:
Serial Number: <long ##:##:.....>
SHA1 Thumbprint: <long ##:##:.....>

[*] Importing certificate 'cert.p15' has successfully completed.

 

I have been working with a very nice person named Cholo great person I would highly recommend. He also got me setup on a self signed cert until we worked out the error I was having with NMCSecurityWizard.

 

Reply

Link copied. Please paste this link to share this article on your social media post.

MrInOut
MrInOut
Cadet

Posted: ‎2023-12-13 04:19 AM

0 Likes
1
3582
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-12-13 04:19 AM

Hi everyone,

 

could someone provide me the version 1.0.0?

I asked support but did not got anything.

 

Regards,

Mr. InOut

 

Reply

Link copied. Please paste this link to share this article on your social media post.

Rookie36
Crewman Rookie36
Crewman

Posted: ‎2023-12-14 08:20 PM

In response to MrInOut
0 Likes
0
3563
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-12-14 08:20 PM

Here it is, I got this almost an year back from support

Attachments
NMCSecurityWizardCLIUtility_v100.zip
Reply

Link copied. Please paste this link to share this article on your social media post.

Rookie36
Crewman Rookie36
Crewman

Posted: ‎2023-12-14 08:22 PM

0 Likes
1
3563
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-12-14 08:22 PM

Attaching the version 1 here

Attachments
NMCSecurityWizardCLIUtility_v100.zip
Reply

Link copied. Please paste this link to share this article on your social media post.

MrInOut
MrInOut
Cadet

Posted: ‎2023-12-15 10:32 PM

In response to Rookie36
0 Likes
0
3528
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2023-12-15 10:32 PM

Thanks

Reply

Link copied. Please paste this link to share this article on your social media post.

morethanthesky
morethanthesky
Cadet

Posted: ‎2024-01-30 02:39 PM

0 Likes
0
3059
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2024-01-30 02:39 PM

I had zero luck with the wizards from APC, so finally used Digicert Utility and OpenSSL. 

 

I used digicerts utility to create the CSR from my laptop, which means the private key was from the laptop. 

 

Made the cert template on the CA by duplicating the template for "Web Server" and changed the expiration date to 10 years out (because who wants to do this twice).  I downloaded the cert from the /certsrv/ page on the MSFT CA as a Base 64 .cer. 

 

I then opened OpenSSL and exported the key as a PKCS8 with this command line:

openssl genpkey -out C:\rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048

 

Finally after a day of struggling with it, it accepted the cert.  But now I have to figure out how to get it to use the cert for the web interface.  I imagine it has to do with EAPoL/802.1X Access?  What do you put as the "Supplicant Identifier"?

Reply

Link copied. Please paste this link to share this article on your social media post.

CourtKPrin
Crewman CourtKPrin
Crewman

Posted: ‎2024-06-19 12:35 PM

0 Likes
0
2155
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2024-06-19 12:35 PM

I had posted back in November that, "I am using Windows 2019 as the CA and its hash algorithm is configured with SHA384 and it doesn't work with 1.0.0." I recently recreated our PKI and went to a two tier Windows CA with SHA256. I'm now able to create certs which are accepted by the NMC. This works with AP9631 running 7.1.2 and AP9641 running 2.5.0.6.

 

I want to add that I was able to create a cert with additional DNS names using an INF file. I was able to append the root and sub chain to the cert before doing the import process. I read that the Web Server default template had to be used, but I confirmed that I was able to make a duplicate and still use it. To get it to show available in certsrv, I created the duplicate, made no changes, saved it, renamed it, changed the compatibility to 2016, and modified the permissions a bit.

 

Steps:

Create CSR using 1.0.0 utility

NMCSecurityWizardCLI --csr -o <csrfilename> -n <commonname> -c <two-character country> -m <state> -l <city> -g <company> -u <department> -e <supportemail> -i http://<upsfqdn> -d <upshostname>

Create san.inf

[Extensions] 
2.5.29.17 = "{text}DNS=<upshostname>&DNS=<upsfqdn>"

Create new CSR 

certreq -policy -config "<ca server fqdn>\<ca name>" "<csrfilename>.csr" san.inf "<newfilename>.csr"

Request Certificate

Browse to certsrv, copy and paste contents from <newfilename>.csr, select web server template, submit

Select Base 64 encoded and download cert

Append chain to certificate and save as certnewbundle.cer

Import key into certificate

NMCSecurityWizardCLI --import -o <newcertname> -s certnewbundle.cer -p <keyfile>.p15 

Finally, upload <newcertname> to NMC web console

 

I plan to look at what others have done using alternative tools, because I want the renewal automated since the certs expire yearly.

Reply

Link copied. Please paste this link to share this article on your social media post.

Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of