Re: TLS and AMT DTK

adrianfreemantle · ‎06-21-2007

Hi,

I have managed to provision my AMT clients with TLS mutual authentication. I installed the relevant certificates on my SCS pc and on my management pc. Although I am able to connect to the AMT client securely on port 16993 using the web console, I am unable to do so with the DTK. I have ensured that I am using the correct port, but when the AmtSystem class calls ConnectEx I get a WebException when the following line executes:

string s = SecurityAdmin.GetCoreVersion();

The exception message is: The underlying connection was closed: An unexpected error occurred on a receive.

The inner exception is: Unable to read data from the transport connection: An established connetion was aborted by the software in your host machine

I'm convinced that this is an authentication failure, but I dont know how to go about fixing this.

Ylian_S_Intel · ‎06-22-2007

I am just working on mutual-auth support in the Intel AMT DTK right now. It should be done sometime next week. In the version that was just released yesterday (v0.32h), I added mutual-auth support in the Intel AMT Outpost tool. I added it in the agent first because it was the simplest to test, if I made a mistake, I would not have to re-provision the computer completely.

The way Outpost works now and Commander will work this next week, both will automaticaly look for a certificate in Microsoft Windows "my certificate store" and attempt to use it. They both already provide a certificate management form for managing personal certificates and trusted roots. So, it should make everything really easy.

Ylian (Intel AMT Blog)