Creating a certificate for a Cyberpower ATS PDU44002

fguarco99 · ‎2024-05-14

Hello - this usually hasn't been a problem on other firmware versions.

I am trying to add an web SSL Certificate to our ATS.

Model = PDU44002
Hardware version = 1.1
Firmware Version = 1.3.2

The certificate is generated with our internal Microsoft PKI, with the hostname as SAN and ip address as SAN also.

Once the certificate is uploaded, and the switch is rebooted, it is unreachable via IP address and FQDN.

We are using an RSA 2048 bit key.

I convert the .pfx, with exportable key, to a .pem file normally. and import into the web gui.
openssl pkcs12 -in c:\<file>.pfx -out c:\<file>.pem -nodes

I have also tried converting the .pem file to a .crt via the command below, and uploading.
openssl x509 -in c:\<file>.pem -out c:\<file>.crt
and am still not having any luck.

In Firefox, I get a PR_END_OF_FILE_ERROR.
Chrome and Edge, and Edge in IE mode, just a general security error.

Just in case, I enabled SSL 3.0, TLS 1.0, TLS 1.1 on my Win 11 computer and rebooted, to see if there was a difference - there was none.

These are the cipher suites in the System / Web Service / Https Settings category.
I leave them all enabled:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256

Thanks for any help.

fguarco99 · ‎2024-05-29

I ended up downgrading the firmware from v1.3.2 to v1.2.6 and then uploaded the .pem successfully.