Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

Close
Important Announcement: WELCOME to the new Schneider Electric Community! Community is now no longer part of Exchange, and is now rebranded under se.com. If you have any bookmarks and links saved, we request you to update them to ensure that you continue accessing our community from this new location. For any issues that you might encounter as part of this change, please reach out to SchneiderCommunity.Support@se.com, and the team will help to get your issues resolved.
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
82485members
350070posts

Creating CA signed certificate for NMC2

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

Solved
cwspeers_apc
Cadet
0 Likes
11
1081

Creating CA signed certificate for NMC2

This was originally posted on APC forums on 7/7/2020


I am attempting to create new certificates for our NMC2 modules that are signed by our CA, instead of the self signed certs.

While attempting to use the NMCSecurityWizard CLI v1.0.1 to create new p15 certificates I encounter the following error.

{

NMCSecurityWizardCLI --import -o apc1out -s apc1.cer -p apc1

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

}


I have confirmed that all the file names that are flagged in the above command are correct. It seems to happen no matter what order I put the flags in. I get the same "Bad argument, parameter 3" .

Has anyone seen this error before? If so, any idea how to correct it?

Thanks,


Accepted Solutions
BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Gavan on APC forums on 7/21/2020


Hi Ian,

I've been able to create a certificate with no issue using those exact commands and my lab CA.

Can you try using this slightly older version of security wizard and also disable any real-time or on-access AV or IPS that might be interfering with the wizard. Also confirm that you are using the base64 export from the CA.

https://schneider-electric.box.com/s/b0nbkuzqcc1b8ka0r2sa4xzqljua44vl

-Gavan

See Answer In Context

11 Replies 11
BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Gavan on APC forums on 7/8/2020


Hi Chris,

This is generally when the SecWiz program doesn't like on of the files that your trying to pass to it, can you follow the steps in the guide below:

https://schneider-electric.box.com/s/wkhf0nwpl40rhmia33hbfuk2j0r7da09

-Gavan

BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Ian on APC forums on 7/20/2020


I too am seeing the same error and have followed the PDF guide exactly. I am on a Windows Domain also. My SSL certificate is up for renewal on the 30th. Is there anything else I can try? Or can I get access to the old Wizard (pre CLI)?

R:\Certificates (SSL)\UPS\NMCSecurityWizardCLI>NMCSecurityWizardCLI.exe --import -o upsas -s certnew.cer -p upsa

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

Tags (3)
BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Gavan on APC forums on 7/21/2020


Hi Ian,

You can use the old Security Wizard GUI, however Chrome and Chromium based browsers will still show error messages as the old GUI software doesn't fill in a field that they require. 

Could you confirm that you are using an unaltered "Web Server" template with a two year expiry?

Also could you post the exact command used to create the CSR?

-Gavan 

BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Ian on APC forums on 7/21/2020


Hi Gavan.

Somehow I was able to get this to work 2 years ago (even with the legacy software). Anyway, I am using a Web Server certificate with a two year validity period.

Request Handling CSPs:

  • Microsoft DH Schannel Cryptographic Provider
  • Microsoft RSA SChannel Cyrptographic Provider

Subject Name:

  • Supplied in the request
  • Type of subject Computer or other device

Extensions:

  • Basic Constraints
  • Certificate Template Name
  • Enhanced Key Usage
  • Key Usage

NMCSecurityWizardCLI.exe --csr -o upsa -c CA -g MFPN -n upsalpha.corp.mfpn.ca -d upsalpha.corp.mfpn.ca -a 10.10.0.50 -e ian@myemail.com

NMCSecurityWizardCLI.exe --import -o upsas -s certnew.cer -p upsa

 

Thanks,

Ian

Attachments
BillP
Administrator Administrator
Administrator
0 Likes
0
1082

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Gavan on APC forums on 7/21/2020


Hi Ian,

I've been able to create a certificate with no issue using those exact commands and my lab CA.

Can you try using this slightly older version of security wizard and also disable any real-time or on-access AV or IPS that might be interfering with the wizard. Also confirm that you are using the base64 export from the CA.

https://schneider-electric.box.com/s/b0nbkuzqcc1b8ka0r2sa4xzqljua44vl

-Gavan

BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Ian on APC forums on 7/21/2020


Gavan,

Using the version 1.0.0 it worked first try! It would seem there is something in the newer version which is causing the issue. Thanks for sorting this out for me, and hopefully this helps others having the issue until a fix comes out for the new version.

Cheers,

Ian

cwspeers_apc
Cadet
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This was originally posted on APC forums on 7/21/2020


Gavan, 
it's a great day when you wake up and have a solution to a several month long issue. 

The older client works like a charm. Suggest you get apc to host it on their download page again because that new one is terrible. 

Thanks for the help!

-Chris

KevITStuff_apc
Cadet
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This was originally posted on APC forums on 10/8/2020


Hi Guys, 

I have exactly the same problem on a number of different UPS's here. I can only find version 1.0.1 of the software and this does not work at when i submit to a Microsoft PKI infrastructure. Is the 1.0.0 version of the software available anywhere to download ? 

BillP
Administrator Administrator
Administrator
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This reply was originally posted by Gavan on APC forums on 10/8/2020


https://schneider-electric.box.com/s/ct021cml940zdj50al4zhocjyczf13v8

-Gavan

AWDavid_apc
Cadet
0 Likes
0
1081

Re: Creating CA signed certificate for NMC2

This was originally posted on APC forums on 12/24/2020


I'm having trouble uploading the CA cert to the NMC. i have no issues creating the SSL though the wizard and getting though our CA server and uploading it is no problem, but the CA cert that goes under Security > 802.1x > configuration. I'm trying to get the UPS 802.1x compliant. after Upload the CA certificate status remains Unknown.

PetroR
Cadet
0 Likes
0
906

Re: Creating CA signed certificate for NMC2

I have been struggling to get a certificate on several UPSs since the old GUI wizard stopped working. I am looking at this again as I have just set up a new UPS and want to add an SSL certificate.

I am using NMCSecurityWizardCLI.exe v1.0.1 and following the directions from the readme that came with it.

I do get a new .p15 file (once I realised that it would try and overwrite the original key in the .p15 unless I gave it a different name), however it also errors and the resulting p15 file is not importable to the UPS

 

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.
-----------------------------------------------------------------------------

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
at NMCSecurityWizardCLI.Program.Main(String[] args)

 

I am using the base 64 download to obtain the .cer file from our local CA

 

I have read in several places that version 1.0.0 works but am unable to find a place to download it and am mystified as to why the version that does not work is all that is available on the downloads pages. This issue seems to have been around long enough

 

Can anyone tell me where to get either a working version of the utility or a working set of instructions? The links in this post did not work for me

Thanks

 

Tags (1)