Ha yes, that TLS-PSK is causing lots of problems because it's not implemented in almost any TLS library... in fact, it probably only works with the "modified" OpenSSL included in the Intel AMT SDK.
In Intel AMT Director, a C# application, I solved this by saveing a configuration file and calling "ConfigurationServer.exe". I modified the configuration server that is included in the SDK and removed the server portion... so how, I just call "ConfigurationServer.exe
Yep, basicaly, no good options here...
(Intel AMT Blog)
Yes, I will still have to make a call to ConfigurationServer for the "Remote Configuration" mode with certificates hashs. That TLS connection is also... "atypical". Normally with TLS, the server must have a certificate and it's optional for the client. In this case, Director would connect to Intel AMT, but Director would have the certificate and AMT would have none. It's a TLS in reverse since the client has the cert and the server does not.
So yes, your going to be using ConfigurationServer.exe for all initial provisioning. To make it easy, you could just use my modified ConfigurationServer.exe from Director.
Ylian (Intel AMT Blog)
hi, brother. Now I also need to implement TLS-PSK using Java. but I do not know how to do it. Do I need to install openssl? Do I need to have a openssl jar package? Is there a ready-made interface? please help me, thank you.
Perhaps you could 1st enable your AMT System without TLS and then apply the TLS security using powershell? https://software.intel.com/en-us/blogs/2012/01/20/how-to-configure-your-system-to-run-the-intelvpro-powershell-module