Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Problem creating certificate for UPS NMC

APC UPS Data Center & Enterprise Solutions Forum

Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • APC UPS, Critical Power, Cooling and Racks
  • APC UPS Data Center & Enterprise Solutions Forum
  • Problem creating certificate for UPS NMC
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
BillP
Administrator BillP Administrator
5060
voidstar_apc
Janeway voidstar_apc
196
Erasmus_apc
Sisko Erasmus_apc
112
Teken
Spock Teken
109
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to APC UPS Data Center & Enterprise Solutions Forum
Solved
Anonymous user
Not applicable

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
7
1884
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

Problem creating certificate for UPS NMC

We've recently upgraded to IE 10 and have run up against this certificate length security change: Microsoft Security Advisory: Update for minimum certificate key length

I've found this guide on APC's website to create and upload anew certificate into the NMC using the APC Security Wizard: http://www.apcmedia.com/salestools/ASTE-6Z5QF2/ASTE-6Z5QF2_R2_EN.pdf

I have generated the CSR and private key, used our Microsoft AD Certificate Server to generate a new cert based on that CSR, and then downloaded the resulting cert in both DER and Base64 format (the guide doesn't specify which the Wizard wants).

However, when I use the wizard to import the new cert (either the DER or Base64) with the private key, I get "Error importing cert, code: -32" (see attachment).

I haven't been able to find anything to tell me what this error means.  Can anyone help?

Attachments
Labels
  • Labels:
  • UPS Management Devices & PowerChute Software
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

Yes, I agree. The errors are not descriptive at all tongue-out

28 characters might be a little long but I am not sure what I had an issue with previously..it might have been in the 40's.

Let me know if I can help further or answer any other questions.

See Answer In Context

Reply

Link copied. Please paste this link to share this article on your social media post.

Replies 7
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

Yep, the blog talks about using the "Web Server" template. That is what I was mainly asking about and just hoping that is the template you were using.

At the bottom, there is a note:

That’s it, you’re now setup with a certificate issued by your Microsoft PKI!  I ran into some strange issues when duplicating the “Web Server” template on my CA and attempting to sign certificates with it.  The CA would sign them successfully but the APC Security Wizard would error out during the import process with an error -32 . I spent a few hours playing with this but was unable to find a solution other then just using the Web Server template.

So, you are using that template? Can I ask - so I know all our options - what Network Management Card(s) model(s) and version(s) you are using? Do you require your on SSL Cert on the card or are you basically trying to do whatever possibly to do a 1024 or higher cert? If that's the case, I am thinking you have some older devices that generate a 768 bit and you have to do it this way where as the newer stuff generates 2048.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

Ah, that bit.  The certificate templates are managed by the certificate administrator; in my case, we've got a "(SUB) Web Server SO (1024)" template that I'm using.  We don't have one just called "Web Server", and I don't know what settings that blogger had in his "Web Server" template, so I can't check them against our template.

I had kind of assumed that there must be something our cert server is doing to the generated certificate that the Import Wizard doesn't like, but without knowing what error -32 means, I don't know what needs to change.

And yeah, I'm using an older AP9617 NMC on firmware 3.0.2, so I am limited to 1024.  However, I'm already using 1024, not 2048, so that's not the problem.

I'd prefer to use our internal cert server if possible so that we don't get "warned" about invalid certs on HTTPS connection.  However, if I can't make that work, I'll end up generating a cert directly from the wizard, and make do with having to click "Continue (not recommended)" each time.  We've got something like 20 or 30 UPS's around Australia, so if I'm going to do it, I'd rather it was done "correctly" in the first place, rather than having to do this twice.  🙂

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

I understand better now. Bad/unrecognized data format is what -32 means.

What version of the security wizard are you trying? Just want to make sure its 1.04 which is what is on our website today.

This is a tough one because we can't really tell what it consider's "bad" but it is usually with the template or something like that. I've also seen a really long common name cause problems.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

"Bad/unrecognized data format"?  That's... descriptive.  😛

I downloaded the latest version (1.04) off APC's website the other day when I started this process.

The DNS name is only 28 characters long; I assume that's not "really long"?

And yeah, I'd be pretty sure that the problem is with the template, but without knowing what settings it's expecting, I don't know what to change?

I've generated a certificate using the wizard and uploaded it to the UPS, then connected via web browser and downloaded the certificate in .cer format.  I can now compare that certificate with the certificate that gets generated by the certificate server, and have found a few key differences.  I've forwarded them both off to our security team to see if they can create me a new template with only the fields that the security wizard put in.  Hopefully they can shed some light on this.  If I find any more info, I'll let you know.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1884
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

Yes, I agree. The errors are not descriptive at all tongue-out

28 characters might be a little long but I am not sure what I had an issue with previously..it might have been in the 40's.

Let me know if I can help further or answer any other questions.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

We've recently upgraded to IE 10 and have run up against this certificate length security change: Microsoft Security Advisory: Update for minimum certificate key length

I've found this guide on APC's website to create and upload anew certificate into the NMC using the APC Security Wizard: http://www.apcmedia.com/salestools/ASTE-6Z5QF2/ASTE-6Z5QF2_R2_EN.pdf

I have generated the CSR and private key, used our Microsoft AD Certificate Server to generate a new cert based on that CSR, and then downloaded the resulting cert in both DER and Base64 format (the guide doesn't specify which the Wizard wants).

However, when I use the wizard to import the new cert (either the DER or Base64) with the private key, I get "Error importing cert, code: -32" (see attachment).

I haven't been able to find anything to tell me what this error means.  Can anyone help?

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

0 Likes
0
1883
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 04:36 AM . Last Modified: ‎2024-03-05 02:06 AM

Can you check this link out and see if it applies? -> Issuing SSL Certificates to APC Devices from Microsoft PKI | Mike Shellenberger's Blog

Reply

Link copied. Please paste this link to share this article on your social media post.

Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings Š 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of