Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84322members
353480posts

How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

Solved
PinPinPoola
Ensign
Ensign
0 Likes
4
1564

How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

Hi,

 

I am trying to replace the self signed SSL certificate on a NetBotz 250 and the instructions in the 03/2021 User Guide on page 105 are severely lacking in useful detail. 😞

 

There is no option within the NetBotz 250 web UI to generate a new private key and CSR for signing by my Enterprise CA, so I used OpenSSL to generate them instead. I have signed the CSR with my Enterprise CA (Windows Server 2019 CA - using the 'Web Server' Template) and I now have a Base64 certificate.

 

Question 1: What is the supported file format to upload - as the "chose file" does not give any clues.

 

Question 2: How do I package the signed certificate and the private key?

 

Question 3: Should I be using the "APC Security Wizard" to upload the certificate/key pair to the NetBotz 250? If so, please can you confirm support version I should use?

 

 

Firmware/App Version:

 

Schneider Electric Network Management Card AOS v6.8.2
(c) Copyright 2019 All Rights Reserved NETBOTZ 250 APP v6.8.0

 

NetBotz 250 SSL Certificate Configuration.JPG

 

Thanks

Pin

Tags (1)

Accepted Solutions
PinPinPoola
Ensign
Ensign
1
1459

Re: How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

<rant> I'll start by saying that I am disappointed in APC/Schneider for the inexcusably poor documentation on this subject. Whoever 'wrote' and signed off the 3/2021 NetBotz 250 User Guide should hang their collective heads in shame. You are supposedly professionals developing premium product, so please put more effort into the documentation. </rant>


After much searching I have worked out what page 105 "SSL Certificates" in the above mentioned guide should actually say.


This forum does not allow uploading of PDF's, so I have had to convert my PDF into PNG's in order to convey the steps needed. I will put the two NMCSecurityWizardCLI commands in as text at the bottom (after the white space of page #3)

 

How to replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one-1.pngHow to replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one-2.pngHow to replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one-3.png

NMCSecurityWizardCLI --csr -o apc-netbotz-250 -n apc-netbotz-250.mydomain.local -c GB -m "My County" -l "My Town" -g "My Organisation" -u "My Organisational Unit" -e myemail@mydomain.com -i https://apc-netbotz-250.mydomain.local -d apc-netbotz-250.mydomain.local -a 10.10.1.101 -k 2048

 

NMCSecurityWizardCLI --import -o apc-netbotz-250_p15cert -s apc-netbotz-250.cer -p apc-netbotz-250

 

 

 

See Answer In Context

Tags (1)
4 Replies 4
BillP
Administrator Administrator
Administrator
0 Likes
3
1510

Re: How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

Hi @PinPinPoola,

 

You should post Netbotz questions on the EcoStruxure IT Forum. I have added a link below.

 

https://community.exchange.se.com/t5/EcoStruxure-IT-forum/bd-p/ecostruxure-it-forum

Tags (1)
PinPinPoola
Ensign
Ensign
0 Likes
2
1503

lRe: How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

Hello @BillP 

 

Thank you for your reply.

 

Frustratingly, there is nothing I can see that makes it clear the NetBotz falls under the EcoStruxure IT Forum 😞

 

Are you able to move this post to the correct forum section for me please?

 

Many Thanks

Pin

 

 

Tags (1)
PinPinPoola
Ensign
Ensign
1
1460

Re: How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

<rant> I'll start by saying that I am disappointed in APC/Schneider for the inexcusably poor documentation on this subject. Whoever 'wrote' and signed off the 3/2021 NetBotz 250 User Guide should hang their collective heads in shame. You are supposedly professionals developing premium product, so please put more effort into the documentation. </rant>


After much searching I have worked out what page 105 "SSL Certificates" in the above mentioned guide should actually say.


This forum does not allow uploading of PDF's, so I have had to convert my PDF into PNG's in order to convey the steps needed. I will put the two NMCSecurityWizardCLI commands in as text at the bottom (after the white space of page #3)

 

How to replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one-1.pngHow to replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one-2.pngHow to replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one-3.png

NMCSecurityWizardCLI --csr -o apc-netbotz-250 -n apc-netbotz-250.mydomain.local -c GB -m "My County" -l "My Town" -g "My Organisation" -u "My Organisational Unit" -e myemail@mydomain.com -i https://apc-netbotz-250.mydomain.local -d apc-netbotz-250.mydomain.local -a 10.10.1.101 -k 2048

 

NMCSecurityWizardCLI --import -o apc-netbotz-250_p15cert -s apc-netbotz-250.cer -p apc-netbotz-250

 

 

 

Tags (1)
Rick_O
Lieutenant JG Lieutenant JG
Lieutenant JG
0
1419

Re: How do I replace the NetBotz 250 self signed SSL Certificate with an Enterprise CA signed one?

Hello @PinPinPoola ,

 

Thank you very much for the feedback and the information about your troubles, concerns, and also the solution for the Certificate issue you ran into. We will look into updating and adding more information to our documentation about this. Please keep the feedback coming as it helps us to improve our products and documentation.

 

Thanks,

Rick Ogren

NetBotz Product Manager

Tags (1)