From c22447b0c2d5be0d956674a4d2760af0eb43c743 Mon Sep 17 00:00:00 2001 From: "Greg T. Wallace" Date: Tue, 17 Sep 2024 18:44:33 -0400 Subject: [PATCH] readme: update info re: modern key support --- README.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 27ff526..fa53ea0 100644 --- a/README.md +++ b/README.md @@ -5,14 +5,6 @@ creating and installing SSL certificates on APC (Schneider Electric) Network Management Cards (2 & 3) simple and easy to do. It is also designed to simplify automation of the certificate management lifecycle. -## Help Needed from NMC3 Users! - -If you have an NMC3, please test the beta release (1.1.0-b). In particular, -please provide feedback if 4,092 bit RSA keys and EC keys of curve types -P-256, P-384, and P-521 work using the beta and your NMC3. - -see: https://github.com/gregtwallace/apc-p15-tool/issues/6 - ## Background When APC created the NMC2 (Network Management Card 2), they chose to use @@ -71,12 +63,17 @@ NMC2 device in a home lab and have no way to guarantee success in all cases. NMC2: - RSA 1,024, 2,048, 3,072* bit lengths. -NMC3: +NMC3*: - RSA 1,024, 2,048, 3,072, and 4,092 bit lengths. - ECDSA curves P-256, P-384, and P-521. * 3,072 bit length is not officially supported by my NMC2, but appears to work fine. +* The additional key types supported by NMC3 require newer firmware on the + device. I am unsure what the version cutoff is, but you can check support + by connecting to the UPS via SSH and typing `ssl`. If `Command Not Found` + is returned, the firmware is too old and only the key types listed under + NMC2 will work. 1,024 bit RSA is no longer considered completely secure; avoid keys of this size if possible. Most (all?) public ACME services won't accept keys
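Review bot: In the first hunk (the removed "Help Needed from NMC3 Users!" section), deleting the `see: https://github.com/gregtwallace/apc-p15-tool/issues/6` line drops the pointer to where NMC3 key-type results were being collected, while the footnote added later in this patch still says "I am unsure what the version cutoff is". Consider keeping a short link to that issue next to the new footnote so users can report which firmware versions accept the `ssl` command. The removed text also named the beta release (1.1.0-b) that carried this support; the README no longer says which release of the tool is needed for 4,092 bit RSA and EC keys, and a one-line minimum version statement would close that gap.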
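Review bot: In the second hunk (the supported key list), the new `NMC3*:` marker reuses the single `*` already attached to `3,072*` under NMC2, and both footnotes begin with `* `, so a reader cannot tell which note belongs to which marker. Use a distinct marker such as `**` for the NMC3 firmware note. Because each footnote starts its line with `* `, Markdown will also render them as bullet items rather than footnotes, so a different marker style or a "Note:" prefix would read better. The context line `- RSA 1,024, 2,048, 3,072, and 4,092 bit lengths.` probably means 4,096 and could be corrected in the same change. Since an NMC3 on old firmware falls back to the NMC2 list, which includes 1,024 bit RSA that the following paragraph says to avoid, the footnote could steer readers to 2,048 or 3,072 bit keys in that case.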