I have managed to provision my AMT clients with TLS mutual authentication. I installed the relevant certificates on my SCS PC and on my management PC. Although I am able to connect to the AMT client securely on port 16993 using the web console, I am unable to do so with the DTK. I have ensured that I am using the correct port, but when the AmtSystem class calls ConnectEx I get a WebException when the following line executes:
string s = SecurityAdmin.GetCoreVersion();
The exception message is: The underlying connection was closed: An unexpected error occurred on a receive.
The inner exception is: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.
I'm convinced that this is an authentication failure, but I don't know how to go about fixing this.
I am just working on mutual-auth support in the Intel AMT DTK right now. It should be done sometime next week. In the version that was just released yesterday (v0.32h), I added mutual-auth support in the Intel AMT Outpost tool. I added it in the agent first because it was the simplest to test; if I made a mistake, I would not have to re-provision the computer completely.
The way Outpost works now and Commander will work this next week, both will automatically look for a certificate in Microsoft Windows "my certificate store" and attempt to use it. They both already provide a certificate management form for managing personal certificates and trusted roots. So, it should make everything really easy.
Ylian (Intel AMT Blog)
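
As an added illustration of the certificate lookup described in the reply (not code from the Intel AMT DTK, Outpost or Commander): a small C# check that lists why each certificate in the Windows "My" store would or would not be usable for TLS client authentication, then attaches the first usable one to a request on port 16993. The class name, the use of the CurrentUser store location, the client-authentication EKU test and the host name argument are assumptions of this example.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class AmtClientCertCheck // hypothetical name, not part of the DTK
{
    const string ClientAuthEku = "1.3.6.1.5.5.7.3.2"; // TLS Web Client Authentication

    // Returns null if the certificate can be presented as a TLS client certificate,
    // otherwise a short reason why it cannot.
    static string Reject(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key available";
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter) return "outside validity period";
        var eku = cert.Extensions["2.5.29.37"] as X509EnhancedKeyUsageExtension;
        if (eku == null) return null; // no EKU extension: key usage is not restricted
        foreach (Oid oid in eku.EnhancedKeyUsages)
            if (oid.Value == ClientAuthEku) return null;
        return "EKU does not include client authentication";
    }

    // First usable certificate in CurrentUser\My (store location is an assumption), or null.
    public static X509Certificate2 Find()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                string reason = Reject(cert);
                if (reason == null) return cert;
                Console.WriteLine("skip {0}: {1}", cert.Subject, reason);
            }
            return null;
        }
        finally { store.Close(); }
    }

    static void Main(string[] args) // args[0]: AMT host name (supplied by the caller)
    {
        X509Certificate2 cert = Find();
        if (cert == null) { Console.WriteLine("no usable client certificate found"); return; }
        Console.WriteLine("using {0}", cert.Subject);
        if (args.Length == 0) return;
        var req = (HttpWebRequest)WebRequest.Create("https://" + args[0] + ":16993/");
        req.ClientCertificates.Add(cert); // without this, no client certificate is offered
        try { req.GetResponse().Close(); Console.WriteLine("TLS handshake completed"); }
        catch (WebException e)
        {   // An HTTP error status such as 401 still means the TLS handshake succeeded.
            Console.WriteLine(e.Status == WebExceptionStatus.ProtocolError ? "TLS handshake completed" : "failed: " + e.Message);
        }
    }
}
```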