mirror of
https://github.com/gregtwallace/apc-p15-tool.git
synced 2025-01-22 00:04:09 +00:00
readme: update info re: modern key support
This commit is contained in:
Greg T. Wallace
parent
cbb831e009
commit
c22447b0c2
1 changed files with 6 additions and 9 deletions
15
README.md
15
README.md
|
|
@ -5,14 +5,6 @@ creating and installing SSL certificates on APC (Schneider Electric)
|
|||
Network Management Cards (2 & 3) simple and easy to do. It is also
|
||||
designed to simplify automation of the certificate management lifecycle.
|
||||
|
||||
## Help Needed from NMC3 Users!
|
||||
|
||||
If you have an NMC3, please test the beta release (1.1.0-b). In particular,
|
||||
please provide feedback if 4,092 bit RSA keys and EC keys of curve types
|
||||
P-256, P-384, and P-521 work using the beta and your NMC3.
|
||||
|
||||
see: https://github.com/gregtwallace/apc-p15-tool/issues/6
|
||||
|
||||
## Background
|
||||
|
||||
When APC created the NMC2 (Network Management Card 2), they chose to use
|
||||
|
|
@ -71,12 +63,17 @@ NMC2 device in a home lab and have no way to guarantee success in all cases.
|
|||
NMC2:
|
||||
- RSA 1,024, 2,048, 3,072* bit lengths.
|
||||
|
||||
NMC3:
|
||||
NMC3*:
|
||||
- RSA 1,024, 2,048, 3,072, and 4,092 bit lengths.
|
||||
- ECDSA curves P-256, P-384, and P-521.
|
||||
|
||||
* 3,072 bit length is not officially supported by my NMC2, but appears to work
|
||||
fine.
|
||||
* The additional key types supported by NMC3 require newer firmware on the
|
||||
device. I am unsure what the version cutoff is, but you can check support
|
||||
by connecting to the UPS via SSH and typing `ssl`. If `Command Not Found`
|
||||
is returned, the firmware is too old and only the key types listed under
|
||||
NMC2 will work.
|
||||
|
||||
1,024 bit RSA is no longer considered completely secure; avoid keys of
|
||||
this size if possible. Most (all?) public ACME services won't accept keys
|
||||
|
|
|
|||
Loading…
Reference in a new issue