Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

How to enforce Mesh Central for TLS1.2 Certificate

Deepak_S_
Beginner
1,156 Views

Hi Team,

We have deployed mesh central server and apply certificate to support TLS1.0, TLS1.1 and TLS1.2. But for some securty reason we want to disable TLS1.0 from the mesh central server. But when we disable TLS1.0 at server, we are unable to connect our machine.

Can you please guide me, how can we enforce TLS1.2 at our mesh central server to avoid TLS1.0 cerificate.

Please let me know, if you need any more information.

Waiting for your response.

Regards

Deepak

 

 

0 Kudos
3 Replies
Deepak_S_
Beginner
1,156 Views

Guys,

Any update on this. Please let me know if you need any more information.

 

Thanks

Deepak

0 Kudos
Ylian_S_Intel
Employee
1,156 Views

Hi. Sorry for the delay, I am been traveling. Disabling TLS 1.0 is completely understandable. A few questions on your setup:

 - Are you using MeshCentral1 or MeshCentral2 as your server?
 - When you say you can't connect to the computers, are you talking about the MeshAgent or AMT?

A note that I am currently working on MeshCentral2 (http://www.meshcommander.com/meshcentral2). I recently updated that version to support all the latest security (RSA3072, SHA386, TLS1.2).

Thanks,
Ylian

0 Kudos
Deepak_S_
Beginner
1,156 Views

Thank you Ylian for your response.

Here is my comment:

 Are you using MeshCentral1 or MeshCentral2 as your server?

- We are currently using MeshCentral1 as our Mesh Central Server.

 When you say you can't connect to the computers, are you talking about the MeshAgent or AMT?

- If we disable TLS1.0, We are unable to connect through MeshAgent. No device seen as "Power On" at the Mesh Server dashboard.

Note: We are planning to upgrade the our server with MeshCentral2 in first quarter of next year. 

But presently we need to use the current server on TLS1.0 disabling mode. It is creating security vulnerability issue at our end.

I hope all the information provided to you.If you need any more information, please let me know.

Thanks

Deepak

0 Kudos
Reply