Problem with authentication TLS

raul_sanchez · ‎03-14-2008

When I try to connect with "https", port 16993, an exception occurs "AuthenticationException", server can't validate certificate.

When I connect to AMT device by iExplorer "https:\xx.xx.x.xx:16993", then I can connect to AMT UI. There, I haven't problems.

I don't know what I must to do in this step. I've never worked with certificates.

Please, can somebody help me in this area?

Thanks.

Sreelekshm_S_Intel · ‎03-14-2008

Hi,

Did you install the root certificate that issued the AMT certificate as Trusted root certificate on your Management Console system?

Thanks,

Sree

Ylian_S_Intel · ‎04-06-2008

I got a solution for this. For a web browser to correctly authenticate the remote computer, you need two things.

First, the Intel AMT certificate must be signed by a root certificate that is trusted by the web browser. If you used Intel AMT Director and issued a certificate to AMT using your own root certificate, you need to make sure that root certificate is also set to be trusted.
Second, you must access the Intel AMT computer using the same name that is in the certificate of Intel AMT. So, if you issue a certificate with the name "machine1.domain.com", you must use "https://machine1.domain.com:16993" to authenticate correctly. You can use the IP address or just a short hand like "machine1". Use the browser to look at the Intel AMT Certificate and look at it's name. Use that same name to access it.

For advanced developers, I want to also mention that this rule also applys to LMS access. If you use .NET access LMS using "https://localhost:16993", you will get a certificate error, you need to use the proper computer name, even for local access.

Hope this helps,
Ylian (Intel AMT Blog)