Loading ...

Can CA signed certs be added to an ATS (AP7723) device? | UPS Management Devices & PowerChute Software

Home » Spaces » UPS Management Devices & PowerChute Software » discussion » General » Can CA signed certs be added to an ATS (AP7723) device?

Can CA signed certs be added to an ATS (AP7723) device?

Discussion in UPS Management Devices & PowerChute Software started by Robert , 4/1/2021 8:30 PM
Login to follow, share, and participate in this space.
Not a member?Join now

Please review Schneider Electric Knowledge Base articles for assistance with most technical support questions.  http://www.apc.com/us/en/faqs

Posted in: General

Can CA signed certs be added to an ATS (AP7723) device?

Subscribe to RSS
  • We're generating CSR's and private key's using NMC Security.
    The CSR's are being sent to our in-house Microsoft CA.
    The CA signed cert and the original private key from the CSR generation are imported using NMC Security.
    Attempting to upload and apply the certificate returns "no certificate installed".

    Model Number: AP7723

    Version: v3.9.2

  • Are you using the security wizard GUI or CLI?

    Also note that the AP7723 is based on the much older NMC1 platform, it's possible that the cert provided by your CA is not compatible with the device.


  • I've tried using both--NMC Security Wizard Command Line Utility v1.0.0 and version 1.04 of the APC Security Wizard.

    I submit my CSR generated from the CLI to our Microsoft based CA for signature. 

    The selections available for the Web profile template CSR submission include Server authentication, extended-key usage; or both server and client authentication extended-key usage.

    The signed certificate type returned through the CA portal is p10.

    The signed certificate can be saved in PEM(base64) or DER(binary) format.

    Also available, the signed certificate can be exported in PKCS#12, PKCS#7, JKS, PEM, or DER formats. With this option, certificates in the certification path can be exported.  The private key can also be exported here, optionally.

    I've downloaded the signed certificate in all formats and then using NMC Security Wizard CLI v1.0.0, successfully imported the certificate, using the .csr and .p15 (key) files generated from the CSR submission steps.

    Attempting to add the new .p15 file created with the import command to the ATS device, results in one of the following:

    1.  No certificate is displayed in the gui, after browsing and selecting the certificate file to be imported.

    2.  The new CA cert isn't loaded and the factory certificate remains persistent.

    3.  Browser returns "Unexpected multipart form data.  Return to" page.


  • Hi Robert,

    Certificates created by the SecWizCLI aren't supported on devices of that age. Try using the older GUI version below:


    If you upload the response from your CA to here I can have a look and see if its compatible with the NMC1:



  • Gavan,

    I'm able to access the site, but I'm getting an error, "This shared file or folder link has been removed or is unavailable to you."


  • https://schneider-electric.box.com/s/18wzhi34r2c3ehrhhgw0o9jvd3pjvghj


  • Hi Gavan,

    What are the CSR profile template requirements for these devices?  I'm getting errors submitting a CSR for the Web profile with Client authentication and for a profile with Server and Client authentication.

    Thank you


  • Hi Robert,

    You should be using the "Webserver" template if using a Windows CA, so server authentication. This is probably not the issues, the NMC1 is very outdated and probably won't support the signing algorithm used by your CA.

    Also of note is the NMC1 only supports up to SSLv3, no modern browser will support this as standard.


Page 1 of 1 (8 items)
Choose your language:  
powered by Communifire
Version 8.0.7757.16597