mirror of
https://github.com/gregtwallace/apc-p15-tool.git
synced 2025-07-22 22:52:57 +00:00
readme: update compatibility and troubleshooting
This commit is contained in:
parent
b821002e85
commit
451fc36518
1 changed files with 52 additions and 13 deletions
65
README.md
65
README.md
|
@ -53,13 +53,14 @@ This project aims to solve all of these problems by accepting the most
|
||||||
common key and cert file format (PEM) and by being 100% open source
|
common key and cert file format (PEM) and by being 100% open source
|
||||||
and licensed under the GPL-3.0 license.
|
and licensed under the GPL-3.0 license.
|
||||||
|
|
||||||
## Compatibility Notice
|
|
||||||
|
|
||||||
Both NMC2 and NMC3 devices should be fully supported. However, I have one
|
|
||||||
NMC2 device in a home lab and have no way to guarantee success in all cases.
|
|
||||||
|
|
||||||
### Key Types and Sizes
|
### Key Types and Sizes
|
||||||
|
|
||||||
|
Ensure you select an appropriate key!
|
||||||
|
|
||||||
|
NMC2 is extremely picky about the key type and size it supports. NMC3 is a bit
|
||||||
|
more flexible. Beware, some ACME clients will generate an ECDSA key by default
|
||||||
|
which is NOT supported by NMC2.
|
||||||
|
|
||||||
NMC2:
|
NMC2:
|
||||||
- RSA 1,024, 2,048, 3,072* bit lengths.
|
- RSA 1,024, 2,048, 3,072* bit lengths.
|
||||||
|
|
||||||
|
@ -80,22 +81,60 @@ NMC3*:
|
||||||
this size if possible. Most (all?) public ACME services won't accept keys
|
this size if possible. Most (all?) public ACME services won't accept keys
|
||||||
of this size anyway.
|
of this size anyway.
|
||||||
|
|
||||||
### General Troubleshooting
|
### Compatibility Notice
|
||||||
|
|
||||||
|
Both NMC2 and NMC3 devices should be fully supported. However, I have one
|
||||||
|
NMC2 device in a home lab and have no way to guarantee success in all cases.
|
||||||
|
|
||||||
My setup (and therefore the testing setup) is:
|
My setup (and therefore the testing setup) is:
|
||||||
- APC Smart-UPS 1500VA RM 2U SUA1500RM2U (Firmware Revision 667.18.D)
|
- APC Smart-UPS 1500VA RM 2U SUA1500RM2U (Firmware Revision 667.18.D)
|
||||||
- AP9631 NMC2 Hardware Revision 05 running AOS v7.1.2 and Boot Monitor
|
- AP9631 NMC2 Hardware Revision 05 running AOS v7.1.2 and Boot Monitor
|
||||||
v1.0.9.
|
v1.0.9.
|
||||||
|
|
||||||
If you have trouble, your first step should be to update your NMC's firmware.
|
Generally, if there is a compatibility issue, there is a good chance you will
|
||||||
Many issues with this tool will be resolved simply by updating to the newest
|
not see an error. Rather, the NMC will silently fail and you'll only know
|
||||||
firmware.
|
something went wrong because the NMC's certificate didn't update, or it regenerated
|
||||||
|
a self-signed certificate that you'll see upon your next connection attempt.
|
||||||
|
I've tried to add some `WARNING` messages to the tool to indicate what might
|
||||||
|
be going wrong, but the list is definitely not exhaustive.
|
||||||
|
|
||||||
If you have a problem after that, please post the log in an issue and I can
|
### Troubleshooting
|
||||||
try to fix it but it may be difficult without your particular hardware to
|
|
||||||
test with.
|
|
||||||
|
|
||||||
In particular, if you are experiencing `ssh: handshake failed:` first try
|
Suggested troubleshooting steps:
|
||||||
|
- Review the `Key Types and Sizes` and `Compatibility Notice` sections of this
|
||||||
|
README.
|
||||||
|
- Update your NMC's firmware to the latest version.
|
||||||
|
- Read this tool's output, look specifically for any `WARNING` messages and
|
||||||
|
adjust your certificate accordingly.
|
||||||
|
- Test using an RSA 2048 bit key to obtain a certificate from Let's Encrypt.
|
||||||
|
Their certificates are known to work with NMC.
|
||||||
|
- Use the official NMC Security Wizard to verify you can create a working
|
||||||
|
certificate and load it into your NMC. If the official tool does not work
|
||||||
|
switching to this tool won't help.
|
||||||
|
|
||||||
|
If you have tried all of these steps and are still experiencing a problem,
|
||||||
|
you may open an Issue on GitHub.
|
||||||
|
|
||||||
|
Include:
|
||||||
|
- The full command you are running that is causing the problem.
|
||||||
|
- The full log of this tool's output when you run the command. Append the
|
||||||
|
`--debug` flag to your command to get the debug output.
|
||||||
|
|
||||||
|
Keep in mind, I am one person with one specific hardware setup. I may not
|
||||||
|
be able to help you.
|
||||||
|
|
||||||
|
#### NMC3 Install `ssh: parse error in message type 53` Error
|
||||||
|
|
||||||
|
Configuring a `System Message` on an NMC3 breaks the install function. I do
|
||||||
|
not have an NMC3 and after doing some code review it is highly unlikely I'll
|
||||||
|
be able to fix this. Don't use a `System Message` if the install feature is
|
||||||
|
important to you.
|
||||||
|
|
||||||
|
see: https://github.com/gregtwallace/apc-p15-tool/issues/14
|
||||||
|
|
||||||
|
#### Install `ssh: handshake failed` Error
|
||||||
|
|
||||||
|
If you are experiencing `ssh: handshake failed:` first try
|
||||||
using the `--insecurecipher` flag. If this works, you should upgrade your
|
using the `--insecurecipher` flag. If this works, you should upgrade your
|
||||||
NMC to a newer firmware which includes secure ciphers. You should NOT automate
|
NMC to a newer firmware which includes secure ciphers. You should NOT automate
|
||||||
your environment using this flag as SSH over these ciphers is broken and
|
your environment using this flag as SSH over these ciphers is broken and
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue