NMC Security Wizard Command Line Utility v1.0.0
(c) Copyright 2018 Schneider Electric. All rights reserved.
---------------------------------------------------------------------------------
Read Me File
---------------------------------------------------------------------------------
Files included:
NMCSecurityWizardCLI_v100.zip
   cl32.dll
   NMCSecurityWizardCLI.exe
   NMCSecurityWizardCLI_READ_ME.txt


*Note: The .dll and .exe files in the .zip archive must be extracted to the same folder for the tool to work.
*Note: If you previously downloaded v0.2.6, please upgrade to NMCSecurityWizardCLI v1.0.0 before proceeding.
---------------------------------------------------------------------------------

Contents:
* Command Options and Syntax
* Command Examples
* Known Issues
* Fixed Issues Since Previous Revision(s)

---------------------------------------------------------------------------------
*** Command Options and Syntax
---------------------------------------------------------------------------------

The tool must be launched from a command line. 
Below is the syntax for all available commands and their respective options. 
This same usage help and syntax is available in the tool itself by executing NMCSecurityWizardCLI with no arguments or options.

* Parameters in []'s are optional

Usage:
  NMCSecurityWizardCLI --sslcert -o <file> -r <file> -n <common_name>
                       -c <country> [-m <state_province> -l <locality>
                       -g <organization> -u <organizational_unit> -e <email>
                       -f <validity_from> -t <validity_to> -i <uri_name>
                       -d <dns_name> -a <ip_address>]
  NMCSecurityWizardCLI --sshkey -o <file>
  NMCSecurityWizardCLI --caroot -o <file> -n <common_name> -c <country>
                       [-m <state_province> -l <locality> -g <organization>
                       -u <organizational_unit> -e <email> -f <validity_from>
                       -t <validity_to> -i <uri_name> -d <dns_name>
                       -a <ip_address>]
  NMCSecurityWizardCLI --csr -o <file> -n <common_name> -c <country>
                       [-m <state_province> -l <locality> -g <organization>
                       -u <organizational_unit> -e <email> -i <uri_name>
                       -d <dns_name> -a <ip_address>]
  NMCSecurityWizardCLI --import -o <file> -s <file> -p <file>

Options:
  --sslcert  Creates a SSL server certificate
  --sshkey   Creates a SSH server host key
  --caroot   Creates a CA root certificate
  --csr      Creates one or more cert signing requests
  --import   Creates a NMC certificate based on signed cert and private key

  -o         Output file (without extension)
  -r         CA Root Certificate .p15 input file (without extension)
  -s         Signed Certificate .crt/.cer input file (with extension)
  -p         Private Key .p15 input file (without extension)
  -n         Common Name (DN Attribute) * Required
  -c         Country Code (DN Attribute) * Required
  -m         State or Province (DN Attribute)
  -l         Locality (DN Attribute)
  -g         Organization (DN Attribute)
  -u         Organizational Unit (DN Attribute)
  -f         Validity From (DN Attribute) [mm/dd/yyyy]
  -t         Validity To (DN Attribute) [mm/dd/yyyy]
  -e         Contact Email Address (SAN Attribute)
  -i         URI Name (SAN Attribute)
  -d         DNS Name (SAN Attribute)
  -a         IP Address (SAN Attribute)

  -k         Key Size [1024 | 2048]

---------------------------------------------------------------------------------
*** Command Examples
---------------------------------------------------------------------------------

** Using NMCSecurityWizardCLI to create both a CA Root Certificate and SSL Certificate.

#> NMCSecurityWizardCLI --caroot -o CARootFile -n certauth.company.com -c US -m "New Hampshire" -l Pittsfield -g "ABC Company" -u "Enterprise IT" -e ca_request@company.com -f "06/01/2018" -t "05/31/2022"

#> NMCSecurityWizardCLI --sslcert -o apcupsSSLCert -r CARootFile -n apcups01.company.com -c US -m Massachusetts -l Andover -g "APC Company" -u "Information Technology" -e john.doe@example.com -a 10.52.13.4 -i http://apcups01.company.com -d apcUPS01 -f "05/11/2018" -t "05/10/2021"


** Using NMCSecurityWizardCLI to create a 1024-bit SSH Host Key.

#> NMCSecurityWizardCLI --sshkey -o keyOut -k 1024

** Using NMCSecurityWizardCLI to create a 2048-bit SSH Host Key. Note: NMCSecurityWizardCLI defaults to 2048-bit keys unless otherwise specified. -k 2048 is not required but will work.

#> NMCSecurityWizardCLI --sshkey -o apcUPShostKey


** Using NMCSecurityWizardCLI to create a Certificate Signing Request for submission to a third party Certificate Authority, such as Microsoft Certificate Services.

#> NMCSecurityWizardCLI --csr -o apcUPS01CSR -n apcUPS01.company.com -c US -m Massachusetts -l Andover -g "ABC Company" -u "Information Technology" -e ITadministrator@company.com -a 10.117.3.56 -i http://apcUPS01.company.com -d apcUPS01

* Submit the apcUPS01CSR.csr file produced by the NMCSecurityWizardCLI tool to your Certificate Authority (CA). You should then receive a .cer or .crt file in return from the CA, which is needed for the next step.

#> NMCSecurityWizardCLI --import -o apcUPS01SSLCert -s signedCert.cer -p apcUPS01CSR
  
---------------------------------------------------------------------------------
*** Known Issues
---------------------------------------------------------------------------------

* Limitation of one instance of each Subject Alternative Name (SAN) attribute. This means only one DNS name, one URI (web address), and one IP address can be specified. A fix is planned for a future release. A possible workaround is to specify additional SAN attributes by appending them to the CSR during submission to the CA.

* To ensure full compatibility with all supported features and functions, specifically those related to the infamous "-32 error" or problems with Microsoft CAs, NMC firmware applications with AOS 6.6.4+ must be used.

* No informational summary provided on-screen for SSH Host Key created with --sshkey option.
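
A pre-flight check for scripted use of the syntax and limitations above, as an added example (not part of the Schneider Electric tool or its documentation): it validates the required fields, the mm/dd/yyyy validity dates and the one-value-per-SAN limitation, then returns an argument list that can be passed to subprocess.run without shell quoting. The function name build_argv and its keyword names are hypothetical, and the two-letter country check is an assumption based on X.520, not on documented tool behavior.

```python
import ipaddress
from datetime import datetime

# Flags copied from the usage text; each may be given once (see Known Issues).
DN_FLAGS = {"state": "-m", "locality": "-l", "organization": "-g", "org_unit": "-u"}
SAN_FLAGS = {"email": "-e", "uri": "-i", "dns": "-d", "ip": "-a"}
MODES_WITH_VALIDITY = {"--sslcert", "--caroot"}  # the --csr usage lists no -f/-t


def build_argv(mode, out, common_name, country, ca_root=None,
               valid_from=None, valid_to=None, **attrs):
    """Check inputs against the documented syntax and return an argv list."""
    if mode not in {"--sslcert", "--caroot", "--csr"}:
        raise ValueError(f"unsupported mode: {mode}")
    if not common_name:
        raise ValueError("-n (Common Name) is required")
    # Assumption: two ASCII letters, as X.520 defines countryName.
    if not (len(country) == 2 and country.isascii() and country.isalpha()):
        raise ValueError("-c must be a two-letter country code")
    argv = ["NMCSecurityWizardCLI", mode, "-o", out]
    if mode == "--sslcert":
        if not ca_root:
            raise ValueError("--sslcert requires -r (CA root .p15, no extension)")
        argv += ["-r", ca_root]
    argv += ["-n", common_name, "-c", country]
    for name, value in attrs.items():
        flag = DN_FLAGS.get(name) or SAN_FLAGS.get(name)
        if flag is None:
            raise ValueError(f"unknown attribute: {name}")
        if not isinstance(value, str):
            raise ValueError(f"{flag} takes exactly one string value")
        if name == "ip":
            ipaddress.ip_address(value)  # raises ValueError when malformed
        argv += [flag, value]
    dates = {"-f": valid_from, "-t": valid_to}
    parsed = {f: datetime.strptime(v, "%m/%d/%Y") for f, v in dates.items() if v}
    if parsed and mode not in MODES_WITH_VALIDITY:
        raise ValueError(f"{mode} does not accept -f/-t")
    if len(parsed) == 2 and parsed["-t"] <= parsed["-f"]:
        raise ValueError("Validity To must be later than Validity From")
    for flag in parsed:
        argv += [flag, dates[flag]]
    return argv


if __name__ == "__main__":
    # Constructed sample mirroring the --csr example above.
    print(build_argv("--csr", "apcUPS01CSR", "apcUPS01.company.com", "US",
                     state="Massachusetts", dns="apcUPS01", ip="10.117.3.56"))
```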
 
---------------------------------------------------------------------------------
*** Fixed Issues Since Previous Revision(s)
---------------------------------------------------------------------------------
* Re-added summary display (now including Issuer/Subject/SAN information). (This was temporarily removed in v0.2.8.)
* Removed "Issuer" validity and SAN information.
* Re-added input file check which caused a problem in v0.2.6 and --import function.
* Error handling for validity periods that are not in range.
* Corrected validity dates that were being displayed incorrectly in summary outputs.
* Changed "Country" to "Country Code" in syntax to better specify and prevent errors.
* Added output summary for CA root certificates upon file creation.
* Now displaying correct certificate serial number and fingerprints as part of summary outputs.
* v1.0.0 - Beta tag removed.
* v1.0.0 - Added support for importing and exporting filenames with periods. This requires NMC AOS v6.6.4 for the file to be accepted on the NMC.





