NMC2 Does Not Support RSA512 Certificates Using NMCSecurityWizardCLI
APC UPS Data Center & Enterprise Solutions Forum
Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send InviteCancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
NMC2 Does Not Support RSA512 Certificates Using NMCSecurityWizardCLI
I have been Googling like crazy as well as talking to technical support to get information on why when using the NMCSecurityWizardCLI. I was using 1.0.1 as well as 1.0.4. Finally had to contact support to access 1.0.0. Here is what I found.
1.0.0 - Works correctly as it should.
1.0.1 - Breaks when trying to --import a certificate. Something is wrong with the csl32.dll.
1.0.4 - It does work but it doesn't include access to SAN objects of which many needs.
So even after using 1.0.0 and creating a correct .p15 certificate when I try to import into the NMC2 I have on my 8K UPS. The Model is AP9537SUM which is also equivalent to the AP9630/AP9631. When I do the import just as many posts on the Internet show is that the certificate shows "Loading Certificate" forever.
After doing a lot of troubleshooting with support we found the issue is the Signature Algorithm on my domain. I am running a Windows Server 2019 domain with a CA and my CA has a 512RSA algorithm enforced. Because of this the import is not working. The NMC2 and NMC3 only supports 256RSA algorithm according to support. I would have to downgrade the security algorithm of my domain to establish a certificate for this device.
I believe this the issue everyone has been having for the past many years. If you found a way around this let me know. We don't use OpenSSL and will not install it. We are also running this on an offline network so Internet Access is not usable either.