https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137713#M2116 <P>First, you need to make sure that you are using the correct cert and key by running these two commands:</P> <DIV><SPAN style="font-size: 13.008px;">$ openssl x509 -noout -modulus -in client.crt&nbsp;</SPAN></DIV> <DIV><SPAN style="font-size: 13.008px;">$ openssl rsa&nbsp; -noout -modulus -in client.key</SPAN></DIV> <DIV><SPAN style="font-size: 13.008px;">They should display the same modulus info.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV><SPAN style="font-size: 13.008px;">Then you need to display the cert to make sure that it is the cert that you have submitted to Intel:</SPAN></DIV> <DIV><SPAN style="font-size: 13.008px;">$ openssl x509 -in client.crt -text</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV>Finally, test the connect with the cert to see whether you can complete the SSL handshake or not:</DIV> <DIV><SPAN style="font-size: 13.008px;">$ openssl s_client -connect test-as.sgx.trustedservices.intel.com:443 -cert client.crt -key client.key</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV>Please note that test-as.sgx.trustedservices.intel.com is for the DEV environment. Production has a different endpoint.</DIV> Tue, 06 Feb 2018 07:06:49 GMT Hoang_N_Intel 2018-02-06T07:06:49Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137711#M2114 <P>&nbsp;</P> <P>Hi,</P> <P>To test/use the remote attestation functionality, I have registered myself to Intel Trusted Services Infrastructure and sent a self-signed certificate.</P> <P>After getting the response, I tried to use various methods to connect to the URL:</P> <P><A data-toggle="tooltip" href="https://test-as.sgx.trustedservices.intel.com/" shape="rect" style="font-family: Arial, sans-serif; font-size: 13.3333px; text-size-adjust: auto;" title="https://test-as.sgx.trustedservices.intel.com/">https://test-as.sgx.trustedservices.intel.com:443/</A></P> <P>I tried:</P> <P>1. TLSv1.2 connection using OpenSSL</P> <P>2. Use web browser by setting the client certificate as the requested one</P> <P>3. Clone this (https://github.com/svartkanin/linux-sgx-remoteattestation) repository and set my certificate in that code.</P> <P>&nbsp;</P> <P><SPAN style="font-size: 1em;">However, from all of the methods that I listed, what I keep getting is that TLS connection cannot be established.</SPAN></P> <P><SPAN style="font-size: 13.008px;">I have checked PCAP during the communication and I can see that client requests TLSv1.2,</SPAN>after client certificate / client key exchange / client certificate verification, the IAS server just send FIN (disconnect).</P> <P>My clue is that my self-signed certificate is not registered correctly</P> <P>(although from access.log on my server I can see that the Intel IAS have grabbed my certificate),</P> <P>but registration service representative recommended me to post a question at this forum.</P> <P>Is there anyone who suffered the same problem?</P> <P>&nbsp;</P> Thu, 29 Jun 2017 21:26:36 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137711#M2114 yeongjin_j_ 2017-06-29T21:26:36Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137712#M2115 <P>Did you make it work?&nbsp;I am facing the same problem.</P> Thu, 01 Feb 2018 01:59:43 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137712#M2115 Roshan_Mehta 2018-02-01T01:59:43Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137713#M2116 <P>First, you need to make sure that you are using the correct cert and key by running these two commands:</P> <DIV><SPAN style="font-size: 13.008px;">$ openssl x509 -noout -modulus -in client.crt&nbsp;</SPAN></DIV> <DIV><SPAN style="font-size: 13.008px;">$ openssl rsa&nbsp; -noout -modulus -in client.key</SPAN></DIV> <DIV><SPAN style="font-size: 13.008px;">They should display the same modulus info.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV><SPAN style="font-size: 13.008px;">Then you need to display the cert to make sure that it is the cert that you have submitted to Intel:</SPAN></DIV> <DIV><SPAN style="font-size: 13.008px;">$ openssl x509 -in client.crt -text</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV>Finally, test the connect with the cert to see whether you can complete the SSL handshake or not:</DIV> <DIV><SPAN style="font-size: 13.008px;">$ openssl s_client -connect test-as.sgx.trustedservices.intel.com:443 -cert client.crt -key client.key</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV>Please note that test-as.sgx.trustedservices.intel.com is for the DEV environment. Production has a different endpoint.</DIV> Tue, 06 Feb 2018 07:06:49 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137713#M2116 Hoang_N_Intel 2018-02-06T07:06:49Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137714#M2117 <P>I have the same issue and would like to know how to address it.&nbsp;</P> Mon, 04 Jun 2018 19:47:49 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Unable-to-use-the-registered-development-certificate-for-remote/m-p/1137714#M2117 Mon__Eddie 2018-06-04T19:47:49Z