NMC Security Wizard Command Line Utility v1.0.0
(c) Copyright 2018 Schneider Electric. All rights reserved.
---------------------------------------------------------------------------------
Read Me File
---------------------------------------------------------------------------------
Files included:
NMCSecurityWizardCLI_v100.zip
   cl32.dll
   NMCSecurityWizardCLI.exe
   NMCSecurityWizardCLI_READ_ME.txt


*Note: The .dll and .exe files in the archive must be extracted to the same folder for the tool to work.
---------------------------------------------------------------------------------

Contents:
* Command Options and Syntax
* Command Examples
* Known Issues
* Fixed Issues Since Previous Revision(s)

---------------------------------------------------------------------------------
*** Command Options and Syntax
---------------------------------------------------------------------------------

The tool must be launched from a command line. 
Below is the syntax for all available commands and their respective options. 
This same usage help and syntax is available in the tool itself by executing NMCSecurityWizardCLI with no arguments or options.

* Parameters in []'s are optional

Usage:
  NMCSecurityWizardCLI --sslcert -o <file> -r <file> -n <common_name>
                       -c <country> [-m <state_province> -l <locality>
                       -g <organization> -u <organizational_unit> -e <email>
                       -f <validity_from> -t <validity_to> -i <uri_name>
                       -d <dns_name> -a <ip_address>]
  NMCSecurityWizardCLI --sshkey -o <file>
  NMCSecurityWizardCLI --caroot -o <file> -n <common_name> -c <country>
                       [-m <state_province> -l <locality> -g <organization>
                       -u <organizational_unit> -e <email> -f <validity_from>
                       -t <validity_to> -i <uri_name> -d <dns_name>
                       -a <ip_address>]
  NMCSecurityWizardCLI --csr -o <file> -n <common_name> -c <country>
                       [-m <state_province> -l <locality> -g <organization>
                       -u <organizational_unit> -e <email> -i <uri_name>
                       -d <dns_name> -a <ip_address>]
  NMCSecurityWizardCLI --import -o <file> -s <file> -p <file>

Options:
  --sslcert  Creates a SSL server certificate
  --sshkey   Creates a SSH server host key
  --caroot   Creates a CA root certificate
  --csr      Creates one or more cert signing requests
  --import   Creates a NMC certificate based on signed cert and private key

  -o         Output file (without extension)
  -r         CA Root Certificate .p15 input file (without extension)
  -s         Signed Certificate .crt/.cer input file (with extension)
  -p         Private Key .p15 input file (without extension)
  -n         Common Name (DN Attribute) * Required
  -c         Country Code (DN Attribute) * Required
  -m         State or Province (DN Attribute)
  -l         Locality (DN Attribute)
  -g         Organization (DN Attribute)
  -u         Organizational Unit (DN Attribute)
  -f         Validity From (DN Attribute) [mm/dd/yyyy]
  -t         Validity To (DN Attribute) [mm/dd/yyyy]
  -e         Contact Email Address (SAN Attribute)
  -i         URI Name (SAN Attribute)
  -d         DNS Name (SAN Attribute)
  -a         IP Address (SAN Attribute)

  -k         Key Size [1024 | 2048]

---------------------------------------------------------------------------------
*** Command Examples
---------------------------------------------------------------------------------

** Using NMCSecurityWizardCLI to create both a CA Root Certificate and SSL Certificate. **

#> NMCSecurityWizardCLI --caroot -o CARootFile -n certauth.company.com -c US -m "New York" -l Buffalo -g "ABC Company" -u "Enterprise IT" -e ca_request@company.com -f "06/01/2018" -t "05/31/2022"

#> NMCSecurityWizardCLI --sslcert -o apcupsSSLCert -r CARootFile -n apcups01.company.com -c US -m Florida -l Miami -g "APC Company" -u "Information Technology" -e john.doe@example.com -a 10.52.13.4 -i http://apcups01.company.com -d apcUPS01 -f "05/11/2018" -t "05/10/2021"


** Using NMCSecurityWizardCLI to create a 1024-bit SSH Host Key. **

#> NMCSecurityWizardCLI --sshkey -o keyOut -k 1024

** Using NMCSecurityWizardCLI to create a 2048-bit SSH Host Key. **

*Note: NMCSecurityWizardCLI defaults to 2048-bit keys unless otherwise specified. -k 2048 is not required but will work.

#> NMCSecurityWizardCLI --sshkey -o apcUPShostKey


** Using NMCSecurityWizardCLI to create a Certificate Signing Request for submission to a third party Certificate Authority, such as Microsoft Certificate Services. **

#> NMCSecurityWizardCLI --csr -o apcUPS01CSR -n apcUPS01.company.com -c US -m Florida -l Miami -g "ABC Company" -u "Information Technology" -e ITadministrator@company.com -a 10.117.3.56 -i http://apcUPS01.company.com -d apcUPS01

*Submit the apcUPS01CSR.csr file produced by the NMCSecurityWizardCLI tool to your Certificate Authority. You should then receive a .cer or .crt file in return from the CA, which is needed for the next step.

#> NMCSecurityWizardCLI --import -o apcUPS01SSLCert -s signedCert.cer -p apcUPS01CSR
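
The option rules from the usage text above, written as a pre-flight check to run before calling the tool in a batch. This is an added example, not part of the Schneider Electric tool or its original read-me; build_command and the table names are hypothetical, and allowing -k only with --sshkey is an assumption based on the command examples.

```python
import re
from datetime import datetime

TOOL = "NMCSecurityWizardCLI"
# Option letters per mode, taken from the usage text in this read-me.
REQUIRED = {"csr": "onc", "caroot": "onc", "sslcert": "ornc",
            "sshkey": "o", "import": "osp"}
DN_SAN = "mlgueida"                       # optional DN and SAN options
OPTIONAL = {"csr": DN_SAN, "caroot": DN_SAN + "ft", "sslcert": DN_SAN + "ft",
            "sshkey": "k",                # assumption: -k only with --sshkey
            "import": ""}
NO_EXT = "orp"                            # files given without extension


def build_command(mode, opts):
    """Return the argv list for one run of the tool, or raise ValueError.

    opts is a list of (letter, value) pairs so that a repeated option,
    which the tool does not support, can be detected.
    """
    if mode not in REQUIRED:
        raise ValueError(f"unknown mode --{mode}")
    letters = [k for k, _ in opts]
    for k in set(letters):
        if letters.count(k) > 1:
            raise ValueError(f"-{k} given twice; only one instance is supported")
        if k not in REQUIRED[mode] + OPTIONAL[mode]:
            raise ValueError(f"-{k} is not listed for --{mode}")
    missing = [k for k in REQUIRED[mode] if k not in letters]
    if missing:
        raise ValueError(f"--{mode} requires -{missing[0]}")
    for k, v in opts:
        if k in NO_EXT and re.search(r"\.(p15|csr|crt|cer)$", v, re.I):
            raise ValueError(f"-{k} takes a file name without extension: {v}")
        if k == "s" and not re.search(r"\.(crt|cer)$", v, re.I):
            raise ValueError("-s needs the .crt or .cer extension")
        if k in "ft":
            if not re.fullmatch(r"\d\d/\d\d/\d{4}", v):
                raise ValueError(f"-{k} must be mm/dd/yyyy: {v}")
            datetime.strptime(v, "%m/%d/%Y")   # rejects dates such as 13/40/2018
        if k == "k" and v not in ("1024", "2048"):
            raise ValueError("-k must be 1024 or 2048")
    argv = [TOOL, f"--{mode}"]
    for k, v in opts:
        argv += [f"-{k}", v]
    return argv
```

The returned list can be passed to subprocess.run() as is, which avoids quoting problems with values such as "New York".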
  
---------------------------------------------------------------------------------
*** Known Issues
---------------------------------------------------------------------------------

* To ensure full compatibility with all supported features and functions, and to avoid problems with Microsoft Certificate Authorities, NMC2 firmware applications with AOS v6.6.4+ must be used on your NMC2 device.

* Limitation of one instance of each Subject Alternative Name (SAN) attribute. This means only one DNS name and one URI (web address) can be specified. A fix is planned for a future release. A possible workaround is to specify additional SAN attributes by appending them to the CSR during submission to the CA.


* No informational summary provided on-screen for SSH Host Key created with --sshkey option.
 
---------------------------------------------------------------------------------
*** Fixed Issues Since Previous Revision(s)
---------------------------------------------------------------------------------
* None. Initial public release.





