Community
cancel
Showing results for 
Search instead for 
Did you mean: 
timfeldmann
Beginner
71 Views

Confusion using TLS and Remote Configuration

I'm having some troubles getting SCS up and running with these options.

1. Integrated with Active Directory

2. Remote configuration of the clients.

3. TLS authentication (prefer mutual).

My main confusion is over the certificates and where they come into play. I've obtained a verisign certificate and have validated that verisign is one of the built in hashes for my client devices. I've installed the certificate on the SCS server and ran the loadcert utility.

Now for TLS. I think for TLS I have to use an internal certificate from my PKI server. I've requested a certificate for my SCS server and installed it for the website running the AMTSCS and AMTSCS-RCFG. At this point it's confusing to me how to setup the profile for my devices. What Entries go into the "TLS Server Certificate Details" fields and what needs to be setup under the "Mutual Authentication" button.

I ran the RCT utility on the client to start the configuration process and I'm real close. I was able to successfully get a system to the "Provisioned" stateand verified the device was added to active directory. One thing that seems wrong to me is the "Authorized" field is false.Immediately afterthis theSCS server started logging messages that it is unable to communicate with the device. I'm getting exception messages stating"there is another process currently working on the device" and also SOAP (22) errors.

I cannot connect to theclient in a browser (port 16992 or 16993). But I can telnet to those ports and get a response

I'm running 3.1.0.7 of SCS. Since I'm just getting started if it would be beneficial to upgrade to 3.2 I can do so without a problem.

0 Kudos
1 Reply
71 Views

Hi,

For details on different certificates, refer to http://communities.intel.com/openport/blogs/proexpert/2007/10/05/i-d-like-to-tell-you-where-to-stick....

"Adding a Profile" section in SCS User Manual describes how to set up TLS Server certificates and Mutual Authentication.

You seem to have a firewall issue for connecting to the client. Please disable the firewall on both systems and see if it helps.

Yes, it would be better to upgrade to SCS 3.2. Also, we are very close to 3.3 release. You might want to wait until then before upgrading.

Hope this helps.

Thanks,

Sree

Reply