When will the NMC3/AP9641's web UI finally support modern ECDSA SSL Certs?
APC UPS for Home and Office Forum
Support forum to share knowledge about installation and configuration of APC offers including Home Office UPS, Surge Protectors, UTS, software and services.
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send InviteCancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2024-07-0207:10 PM
When will the NMC3/AP9641's web UI finally support modern ECDSA SSL Certs?
This has been dogging me for several years now, and I am growing increasingly exasperated at APC/SE's reluctance to fix the issue. For the longest time, the only SSL Certificates you could use on older NMC2 and newer NMC3 devices was either the self-signed certificate generated by the device itself or a certificate created by APC's antiquated NMC Security Wizard tool. If you stick w/ the self-signed cert, you get a low-grade ECDSA cert that browsers everywhere will hate because it's self-signed. But if you try to use the NMC Security Wizard tool, it maxes out at RSA 2048bit certs, which are weak in these modern times.
I have given in and actually purchased licenses for the NMC3 cards in my home SmartUPSes, and just recently updated the firmware to 3.1.1.1. I noticed a few versions ago that APC added a spot in the web UI to upload your own SSL certificate files and private keys (Configuration --> Security --> SSL Certificates), which get saved in some new centralized device certificate store. However, the only function of the firmware that even seems capable of using certificates installed in this part of the UI is the built-in SMTP service for sending encrypted e-mails. The embedded HTTP server that runs the management web UI seems to still be limited/restricted to ONLY using its own self-signed certs or antiquated certs by the aforementioned NMC Security Wizard Tool.
My question is, does anyone on the inside know when this support will be added? It's been at least two years, if not three, since this centralized device certificate store became available. Yet, only the SMTP service can use this amazing new feature? Is updating the HTTP component on the development roadmap at least? If so, when?