Community
cancel
Showing results for 
Search instead for 
Did you mean: 
virtual_walker
Beginner
57 Views

TLS server authentication

I need help on TLS server authentication. I'm developing an AMT management consolefrom scratch. AMT remote configuration already works but I can't create a watchdog on the device (in Enterprise mode). All API calls returns an error 22 which means that I can't establish a connection with the device. I've encountered this error before in SmallBusiness mode when my password, username or target IP is wrong. How exactly should I handle server authentication? The root certificate of the certifcate chain I sent to the device is already trusted. Aside from username and password what other parameter should I use in order to communicate with AMT using TLS? I've read that I need to specify the certificate name, but I don't know which certficate in the chain to use.

I hope somebody out there can help.

target format used: "https://xxx.xxx.xxx.xxx:16993/servicename"

0 Kudos
5 Replies
virtual_walker
Beginner
57 Views

Finally, I got it working! Now, I know that for TLS server authentication only the server is authenticated. I don't need to specifiy any certificate in order to connect to AMT.
Gael_H_Intel
Moderator
57 Views

Great news! I'm glad you got it working, Virtual Walker!
Intel_C_Intel
Employee
57 Views

Hi,

I am also using server authentication for local interface. I know that we need not pass any certificates to work. But looks like I have to sign the certificate that iAMT passes to local interface to work. Please let me know if you have any idea.

thanks,

uday.

Ylian_S_Intel
Employee
57 Views

Hi, I don't full understand your last message, but will try to answer. When Intel AMT is in server authentication, it will use TLS for both local and remote interfaces and the console or agent don't need to provide there own certificate. This said, the Intel AMT certificate must be valid in time, have the certificate name matching the name you used to connect to the computer and correct certificate key usages.

When connecting to the local interface, do not use "127.0.0.1" or "localhost" but rather, use the full name of the computer "amtcomputer.testlab.com" or something like that. You must connect using the same name as the name in the certificate, even if you are doing a local connection. This way, the certificate name matching will work.

Hope this helps,
Ylian (Intel AMT Blog)

virtual_walker
Beginner
57 Views

Hi,

Have you successfullyset the AMT certificate using SetTLSKeyAndCertificate API?

virtual walker

Reply