- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi all,
how can we make different .conf.xml file for different hosts, while setting up enterprise mode, because at that time we dont know uuids of hosts ?
I think if TLS is enabled then hostname is mandatory in conf.xml file, so we need different conf.xml file for every host ??? So different files are essential if TLS is enabled ???
Any suggestion about using different conf.xml files or using default.conf.xml file.
- Sohaib
how can we make different .conf.xml file for different hosts, while setting up enterprise mode, because at that time we dont know uuids of hosts ?
I think if TLS is enabled then hostname is mandatory in conf.xml file, so we need different conf.xml file for every host ??? So different files are essential if TLS is enabled ???
Any suggestion about using different conf.xml files or using default.conf.xml file.
- Sohaib
Link Copied
4 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi!
If you decide to have a different config for each AMT device using UUID???.conf.xml, you need to know the UUID before hand maybe from the manufacturer. When yourconfiguration server receives the hello message, you can extract the UUID and then locate the UUID.conf.xml match.
nhel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi VW,
Its not the case that I have decided to have different .conf.xml file for every machine, I want to use TLS, if that can be done with one file, then I 'll use one. I think while using TLS different files are necessary ?
So, If we initially set the hostname of a machine then we cannot change it (because the certificates 'll get useless), if the enviroment is DHCP based then we cannot even change the hostname of the running OS ?? because in dhcp based environment it is recommended to have same hostname for AMT and host processor.
Sohaib
Its not the case that I have decided to have different .conf.xml file for every machine, I want to use TLS, if that can be done with one file, then I 'll use one. I think while using TLS different files are necessary ?
So, If we initially set the hostname of a machine then we cannot change it (because the certificates 'll get useless), if the enviroment is DHCP based then we cannot even change the hostname of the running OS ?? because in dhcp based environment it is recommended to have same hostname for AMT and host processor.
Sohaib
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TLS doesn't require you to use different sets of PSK and certificates. It is up to you to decide. But of course using different combinations is much more secure.
I agree with you on the second part, it is not easy to change the AMT parameters (i.e. hostname) since you also need to change the certificate. But I think Intel has a recommendation on how to handle this situation. You may refer to the "Deployment Guide" document provided by Intel.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
TLS does't require different psk and certificates but it does require different hostnames in .conf.xml file, so one .conf.xml file 'll not work ?
Sohaib
TLS does't require different psk and certificates but it does require different hostnames in .conf.xml file, so one .conf.xml file 'll not work ?
Sohaib
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page