Sone-385.mp4 ((better))

Navigating the Digital Frontier: End-User Tech Insights

Issuing SSL Certificates to APC Devices from Microsoft PKI

Sone-385.mp4 ((better))

If you want, I can: extract and format metadata from a provided file, generate a sample catalog record, produce an editing log template, or outline a redaction workflow. Which next step do you want?

13 responses to “Issuing SSL Certificates to APC Devices from Microsoft PKI”

  1. Ed Avatar
    Ed

    Hi Mike, great tutorial. I had version 1.01 of the security wizard and couldn’t manage to get our MS CA issued certs installed. I downloaded the 1.04 version and following your instruction was a breeze, thanks!

    Reply
  2. Raymond Avatar
    Raymond

    Tested and working on the apc-ap7921 with server 2012 CA.
    wouldnt work with 2048 bit key though had to revert to 1024

    Reply
  3. Ryan Engstrom (@Thunderbird311) Avatar
    Ryan Engstrom (@Thunderbird311)

    Thanks for the detailed instructions. I was able to do this on one of my devices. The problem is I have 37 total. I assume the common name has to be the IP address in order to avoid the exception question? I can’t just enter APC for the common name and use the same cert for all my devices? Thanks again!

    Reply
  4. Alberto de_la_Torre Avatar
    Alberto de_la_Torre

    Would love to figure out why when you create a duplicate of the “Web Server” template it fails with error -32. I hammered at this for 4 hours today and couldn’t get it to work. Does anyone have any suggestions on how to troubleshoot?

    Reply
  5. Alberto de_la_Torre Avatar
    Alberto de_la_Torre

    The only difference between using the default “Web Server” template and one you create by duplicating it is the addition of a Field called “Application Policies”. This appears to be a Microsoft Construct (I’m using Microsoft pki to generate my certs). I can not find any reference to “application policies” in the pki rfc’s. Ideally the APC Security Wizard would ignore it, but I believe this is what is causing the error -32 failure.

    Reply
  6. Steve Avatar
    Steve

    Great tutorial – anyone know how to include the certificate chain? Firefox complains that “The certificate is not trusted because no issuer chain was provided”.

    Reply
  7. Anthony Avatar
    Anthony

    In step 8, you advised to ‘Open your web browser and navigate to your issuing CA’, but what is the URL of the CA? Since the title says ‘from Microsoft PKI’, I expect that I woudl be connecting to the CA in Microsoft. Or do you mean I need to build a CA before taking your steps? What if I don’t use Windows Server on my network?

    Reply
  8. James McKane Avatar
    James McKane

    Great article and thanks to responders for additional help. Confirmed that the at least on my APC PDU’s and older cards, only 1024 bit certs will upload

    Reply
  9. Rick Avatar
    Rick

    Great article but i have a problem that i cannot use the default “Web Server” template.
    When i open the web browser and navigate to our issuing CA i am not being able to select the default “Web Server” template.
    Persmission are OK and also default “Web Server” template has been issued within Certification Authority MMC. CA is Windows Server 2012 R2.
    Anyone how to solve this?

    Reply
  10. J.B Avatar
    J.B

    Great Info!
    Using the 1.04 wizard for creating a 2048bit priv key and csr i was able to sign by using a internal MS based SubCA. The cert.p15 works perfectly within APC9630 (NMC II)

    Reply
  11. Pete L. Avatar
    Pete L.

    Coming in 11 years after this was written-Thanks Google. Curious if anyone has a copy of the non-CLI version of SecWizard? I’m in the US and it’s unavailable to us on the APC website. Thanks!

    Reply
    1. Alberto Avatar
      Alberto

      Pete, I have a copy of secwizard. Email me adelatorre at netfixers punctuation-mark com

      Reply
    2. Shawn Avatar
      Shawn

      Same here… trying to bring an older APC ATS back to life and getting stuck all over the place…

      Reply

Leave a comment