Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.
1392 Discussions

MeshCentral 2 - Trusted Root Certificate Etc.

Blair_K_
Beginner
‎06-02-2017 03:10 AM
3,092 Views

Hi,

I am testing MeshCentral 2 - Beta 1. 

Is it possible to configure the Web/MPS server to use your own trusted certificates rather than use those generated by the --cert parameter?

If yes, how would I go about getting this to work from the server and AMT client perspective?

Kind Regards,

Blair

0 Kudos

Link Copied

3 Replies
Joseph_O_Intel1
Employee
‎06-02-2017 07:58 AM
3,092 Views

Hey Blair,

The root hash for the certificate needs to be included at the firmware level. This can be done, but is a manual process and requires physically typing in the hash into the CSME.

Take a look in the CSME and you will see the root certificate store.

Joe

 

0 Kudos
Copy link
Blair_K_
Beginner
‎06-02-2017 11:22 AM
3,092 Views

Hello Joe,

think in this case we are talking about different certificates. I have previously used one of the firmware embedded root hash certificates during my zero touch AMT configuration process to enable AMT in admin mode. That is all working great.

In this instance I'm talking about the root and client certificates used for MeshCentral 2 - Beta 1 CIRA/TLS functionality. See this article http://www.meshcommander.com/meshcentral2/cira-setup. The configuration uses certificates generated by MeshCentral 2 during installation. My question is can these be switched out for certificates generated by your own CA?

As this is still a BETA solution it may not be possible but I'd like to check.

Thanks again,

Blair

0 Kudos
Copy link
Joseph_O_Intel1
Employee
‎06-02-2017 01:59 PM
3,093 Views

Hey Blair,

My apologies, I was talking the Provisioning Certificate and your talking the CIRA/TLS Certificate.

Ylian will have to speak to the requirements of Meshcentral2 and how to get the certificate installed for its use.

But talking from a strictly AMT point of view the certificates can be pushed to the firmware via a delta configuration profile. This profile can then be used acuconfig.exe and pushed to the clients in question. For more info on Delta Profiles see the AMT Developers Guide

ACUWizard and acuconfig.exe can be downloaded from the SCS Downloads page

Joe

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.