This was originally posted on APC forums on 2/20/2014
I have am working with a new AP9631 NMC2. See here for product page: http://www.apc.com/products/resource/include/techspec_index.cfm?base_sku=AP9631&tab=documentation
There is a document called "Security Handbook Network Enabled Devices AOS V.6.X.X" on the documentation page. I've been following the section entitled "Create a Server Certificate and Signing Request" trying to install a signed SSL certificate on the NMC. I have not yet succeeded.
When I get to the instruction to "Send the certificate signing request to...a Certificate Authority managed by your own company or agency" I use the following command to get the certificate signed by our Certificate Authority:
certreq -submit -attrib "CertificateTemplate:WebServer"
(see this Microsoft technet article for details Appendix 3: Certreq.exe Syntax)
That works and a signed certificate is issued by our Certificate Authority and I continue to follow the instructions in the "Import the signed certificate" subsection. The first sign that there is a problem occurs when I get to the subsection entitled "Load the Server Certificate to the Management Card or Device".
When I select "Add or Replace Certificate File", the web interface hangs for about a minute and then shows an updated "Certificate" page. On that page, it shows
Status: Valid Certificate
The problem is that when I click on valid certificate, the installed certificate is an internally generated certificate (i.e. OU= "American Power Conversion Corp"), not the certificate I just tried to add. A similar thing happens if I upload the certificate using FTP. I have checked the fingerprints of the internally generated certificate from attempt to attempt: They are diffferent. It seems that during the minute the web interface hangs, the NMC is generating a new certificate.
Why isn't the NMC2 accepting my SSL certificate and instead internally generating a new certificate?
APC Models and Versions
APC Security Wizard version: 1.04
Model Number: AP9631
Serial Number: ZA1324021754
Hardware Revision: 05
Manufacture Date: 06/15/2013
MAC Address: 00 C0 B7 B4 15 26
Management Uptime: 0 Days 0 Hours 5 Minutes
Date: Apr 5 2013
APC OS (AOS)
Date: Apr 5 2013
APC Boot Monitor
Date: Jan 21 2010
Model: Smart-UPS RT 2200 XL
Serial Number: QS1323140847
Firmware Revision: 802.5.D
Manufacture Date: 06/04/13
Certificate Authority: Windows Server 2012R2 Active Directory Certificate Services
Certificate Authority Type: Enterprise Subordinate
Web Browser: Firefox 27.0.1
Discuss challenges in energy and automation with 30,000+ experts and peers.
Find answers in 10,000+ support articles to help solve your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!