When will the NMC3/AP9641's web UI finally support modern ECDSA SSL Certs?

kumba93 · ‎2024-07-02

This has been dogging me for several years now, and I am growing increasingly exasperated at APC/SE's reluctance to fix the issue. For the longest time, the only SSL Certificates you could use on older NMC2 and newer NMC3 devices was either the self-signed certificate generated by the device itself or a certificate created by APC's antiquated NMC Security Wizard tool. If you stick w/ the self-signed cert, you get a low-grade ECDSA cert that browsers everywhere will hate because it's self-signed. But if you try to use the NMC Security Wizard tool, it maxes out at RSA 2048bit certs, which are weak in these modern times.

I have given in and actually purchased licenses for the NMC3 cards in my home SmartUPSes, and just recently updated the firmware to 3.1.1.1. I noticed a few versions ago that APC added a spot in the web UI to upload your own SSL certificate files and private keys (Configuration --> Security --> SSL Certificates), which get saved in some new centralized device certificate store. However, the only function of the firmware that even seems capable of using certificates installed in this part of the UI is the built-in SMTP service for sending encrypted e-mails. The embedded HTTP server that runs the management web UI seems to still be limited/restricted to ONLY using its own self-signed certs or antiquated certs by the aforementioned NMC Security Wizard Tool.

My question is, does anyone on the inside know when this support will be added? It's been at least two years, if not three, since this centralized device certificate store became available. Yet, only the SMTP service can use this amazing new feature? Is updating the HTTP component on the development roadmap at least? If so, when?