I notice that you still have that very old firmware on your system. I beleive there has been 12 updates since what is on your system. You are runing an AMT 2.0 firmware against AMT 2.1 capabilities. It is possible that the power options that the SCA is trying to set were not there in AMT 2.0. I'm not 100% sure this is your problem, but you do need to get your system to the current version of firmware - there have been a lot of issues fixed since the version that you are running. (remember the first question we usually have for people is: What version of the firmware are you running? )
If you are getting a message saying that you need to return your system back to the Factory mode, then I would say you need to do that.
I'm also working on a setup and configuration service that's more or less the same with SCA. I also encountered the same problem with the power settings. I think the value specified in the XML is incorrect. With regards to the certificates, SCA can use a pre-generated certificate or generate a new certificate. The Intel AMT SDK SetTLSKeyAndCertificate API asks for the key data and certificate chain data. The default filenames are cchain.raw and newkey.pem, which contains the certificate chain data and private key respectively. The file cchain.raw is generated by extracting information from the root certificate down to the certificate for the device. The root certificate is located in BinConfigurationCertGeneratorSecConfig.
To simply answer your question "does SCA stores them locally ?", yes, the certicates are stored locally. You may trace the *.bat files for the filenames.
// Pre-generated certificates
// To generate a new certificate
You are right, SCA creates those files. But you will not be able to see those files after executing SCA because they are deleted by calling "provend.bat". If you wanna see these files, you need to edit "configurationserver.cpp", comment out the line
if(0 != ExecBatchScript("PROVEND.BAT", NULL, true,configPath.c_str()))
and recompile the code in order to prevent the execution of provend.bat.
SCA/SCS stores the certificates in specific directories in order to use them again when authenticating the server/AMT device.
hope this helps!