APC NMCSecurityWizardCLI Fails import step with cryptolib error.

With the recent Solarwinds Sunburst breach I thought it would be a good time to spend some time looking at my own internal network for security holes and get them patched. One of the things I personally have always been very lazy about is self signed certs on network appliances and internal only systems, so I knew that these would be peppered through my Nessus reports.

The first system I attempted to update was one of my trusty APC SmartUPS 1500’s with a Network Management Card 2 in it. After patching to the v6.9.6 version of the OS to patch for the Ripple20 vulnerabilities it was time to get the cert updated as per the steps in the Security Handbook for Network Devices which tells you to use the NMCSecurityWizardCLI utility to create the CSR, then perform an import command to take your private key and signed cert from the CA and export them as a .p15 for upload to your device. The first steps worked beautifully for me, however the –import step did not. I was constantly getting the following error.

NMC Security Wizard Command Line Utility v1.0.1
(c) Copyright 2018 Schneider Electric. All rights reserved.

Unhandled Exception: cryptlib.CryptException: -3: Bad argument, parameter 3
   at NMCSecurityWizardCLI.Program.ImportSignedCSR(String sCertFile, String sKeyFile, String sOutFile)
   at NMCSecurityWizardCLI.Program.Main(String[] args)

Didn’t matter what I tried to change, even using a OpenSSL CA vs my Microsoft Domain CA didn’t work. After some googling and a reddit post it turns out there is an older version of the CLI v1.0.0 that doesn’t have the issue when creating certs. Contacting APC support was able to get me the download link which is not posted anywhere on their website. You can download the APC NMC Security Wizard Command Line Utility v1.0.0 from here to solve your issue!

%d bloggers like this: