Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Problem with authentication TLS

raul_sanchez
Beginner
780 Views

When I try to connect with "https", port 16993, an exception occurs "AuthenticationException", server can't validate certificate.

When I connect to AMT device by iExplorer "https:\xx.xx.x.xx:16993", then I can connect to AMT UI. There, I haven't problems.

I don't know what I must to do in this step. I've never worked with certificates.

Please, can somebody help me in this area?

Thanks.

0 Kudos
2 Replies
Sreelekshm_S_Intel
780 Views

Hi,

Did you install the root certificate that issued the AMT certificate as Trusted root certificate on your Management Console system?

Thanks,

Sree

0 Kudos
Ylian_S_Intel
Employee
779 Views
I got a solution for this. For a web browser to correctly authenticate the remote computer, you need two things.
  • First, the Intel AMT certificate must be signed by a root certificate that is trusted by the web browser. If you used Intel AMT Director and issued a certificate to AMT using your own root certificate, you need to make sure that root certificate is also set to be trusted.
  • Second, you must access the Intel AMT computer using the same name that is in the certificate of Intel AMT. So, if you issue a certificate with the name "machine1.domain.com", you must use "https://machine1.domain.com:16993" to authenticate correctly. You can use the IP address or just a short hand like "machine1". Use the browser to look at the Intel AMT Certificate and look at it's name. Use that same name to access it.
For advanced developers, I want to also mention that this rule also applys to LMS access. If you use .NET access LMS using "https://localhost:16993", you will get a certificate error, you need to use the proper computer name, even for local access.

Hope this helps,
Ylian (Intel AMT Blog)


0 Kudos
Reply