Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

TLS server authentication

virtual_walker
Beginner
466 Views

I need help on TLS server authentication. I'm developing an AMT management console from scratch. AMT remote configuration already works but I can't create a watchdog on the device (in Enterprise mode). All API calls return an error 22, which means that I can't establish a connection with the device. I've encountered this error before in SmallBusiness mode when my password, username or target IP is wrong. How exactly should I handle server authentication? The root certificate of the certificate chain I sent to the device is already trusted. Aside from username and password, what other parameter should I use in order to communicate with AMT using TLS? I've read that I need to specify the certificate name, but I don't know which certificate in the chain to use.

I hope somebody out there can help.

target format used: "https://xxx.xxx.xxx.xxx:16993/servicename"

0 Kudos
5 Replies
virtual_walker
Beginner
466 Views
Finally, I got it working! Now, I know that for TLS server authentication only the server is authenticated. I don't need to specify any certificate in order to connect to AMT.
0 Kudos
Gael_H_Intel
Moderator
466 Views
Great news! I'm glad you got it working, Virtual Walker!
0 Kudos
Intel_C_Intel
Employee
466 Views

Hi,

I am also using server authentication for the local interface. I know that we need not pass any certificates for it to work. But it looks like I have to sign the certificate that iAMT passes to the local interface for it to work. Please let me know if you have any idea.

thanks,

uday.

0 Kudos
Ylian_S_Intel
Employee
466 Views

Hi, I don't fully understand your last message, but will try to answer. When Intel AMT is in server authentication, it will use TLS for both local and remote interfaces and the console or agent don't need to provide their own certificate. This said, the Intel AMT certificate must be valid in time, have the certificate name matching the name you used to connect to the computer and correct certificate key usages.

When connecting to the local interface, do not use "127.0.0.1" or "localhost" but rather, use the full name of the computer "amtcomputer.testlab.com" or something like that. You must connect using the same name as the name in the certificate, even if you are doing a local connection. This way, the certificate name matching will work.

Hope this helps,
Ylian (Intel AMT Blog)

0 Kudos
virtual_walker
Beginner
466 Views

Hi,

Have you successfully set the AMT certificate using SetTLSKeyAndCertificate API?

virtual walker

0 Kudos