Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

What can I do about the problem with the local SSL certificate?

bin__ch
New Contributor I

https://software.intel.com/zh-cn/articles/how-to-create-self-signed-cert.

I followed this course to get my SSL certificate.

I'm breaking down. I tried to operate and register three times. I'm sure I filled in every step carefully. Then I uploaded the CRT file to GitHub and provided the download link to Intel. When I got Intel's reply with my SPID, I used curl (curl -1 --tlsv1.2 -v --key client.key --cert client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v3/sig...) to test whether the registration is correct, but the results are wrong. I don't know what's wrong. I'm sure I filled in every item of the CSR.

 

output:

root@chen:/home/chen/client# curl -1 --tlsv1.2 -v --key client.key --cert client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v3/sig...

Trying 52.22.58.45...

Connected to test-as.sgx.trustedservices.intel.com (52.22.58.45) port 443 (#0)

found 148 certificates in /etc/ssl/certs/ca-certificates.crt

found 597 certificates in /etc/ssl/certs

ALPN, offering http/1.1

gnutls_handshake() failed: The handshake data size is too large.

Closing connection 0
curl: (35) gnutls_handshake() failed: The handshake data size is too large.

 

env:

Ubuntu 16.04

Scott_R_Intel
Employee

Hello.

An issue has been fixed with the SGX IAS dev server.  Please try again and let us know if still not working.

Regards.

Scott

bin__ch
New Contributor I

@Scott R. (Intel)

I have tried it again, but the result is the same as before.

output:

root@chen:/home/chen/client/ca1# curl -1 --tlsv1.2 -v --key client.key --cert client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v3/sigrl/00000ABC

*   Trying 52.4.104.33...
* Connected to test-as.sgx.trustedservices.intel.com (52.4.104.33) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*      server certificate verification OK
*      server certificate status verification SKIPPED
*      common name: test-as.sgx.trustedservices.intel.com (matched)
*      server certificate expiration date OK
*      server certificate activation date OK
*      certificate public key: RSA
*      certificate version: #3
*      subject: C=US,postalCode=95630,ST=CA,L=Folsom,street=FM1-110,street=1900 Prairie City Rd.,O=Intel Corporation,OU=Hosted by Intel Corporation,OU=Enterprise SSL Pro,CN=test-as.sgx.trustedservices.intel.com
*      start date: Mon, 28 Aug 2017 00:00:00 GMT
*      expire date: Wed, 28 Aug 2019 23:59:59 GMT
*      issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Organization Validation Secure Server CA
*      compression: NULL
* ALPN, server accepted to use http/1.1
> GET /attestation/sgx/v3/sigrl/00000ABC HTTP/1.1
> Host: test-as.sgx.trustedservices.intel.com
> User-Agent: curl/7.47.0
> Accept: */*

< HTTP/1.1 404 Not Found
< content-length: 0
< request-id: a30a0073f0d241bfb785d33ce7ff8738
< date: Thu, 24 Jan 2019 08:30:44 GMT
< Connection: keep-alive

* Connection #0 to host test-as.sgx.trustedservices.intel.com left intact
 

 

Scott_R_Intel
Employee

Hello again.

Where are you getting your EPID group ID (00000ABC) from?  If that's not a real ID, 404 is expected.  You need to use a valid EPID group ID to receive a 200 OK message.  I just confirmed this works fine with a valid group ID.

Regards.

Scott
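
The two failures in this thread sit at different layers: the first curl run died in the TLS handshake (curl exit code 35), while the later runs completed TLS and got an HTTP 404 for the group ID. The script below is an added example, not part of the thread and not Intel's code; it separates those cases and builds the URL form of a GID. The function names are hypothetical, the GID bytes are a constructed sample, and the little-endian-to-big-endian conversion and the meaning given to 401 are assumptions taken from the SGX SDK and IAS API documentation rather than from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Host, path and curl options are the ones
# shown in the posts; function names are hypothetical.
IAS_BASE="https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v3"

# Turn a 4-byte little-endian GID (hex dump of the SDK's sgx_epid_group_id_t)
# into the 8-digit big-endian hex string the sigrl URL expects.
gid_le_to_url() {
    gid=$(printf '%s' "$1" | tr -d ' :' | tr 'abcdef' 'ABCDEF')
    case "$gid" in
        ""|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#gid}" -eq 8 ] || return 1
    b0=$(printf '%s' "$gid" | cut -c1-2)
    b1=$(printf '%s' "$gid" | cut -c3-4)
    b2=$(printf '%s' "$gid" | cut -c5-6)
    b3=$(printf '%s' "$gid" | cut -c7-8)
    printf '%s%s%s%s\n' "$b3" "$b2" "$b1" "$b0"
}

# Name the layer that failed, given curl's exit code and the HTTP status.
# Exit 35 is curl's "SSL connect error" (the first post's failure); 404 is the
# status Scott explains. The 401 reading is an assumption from the IAS API docs.
classify_sigrl_result() {
    if [ "$1" -eq 35 ]; then echo "tls-handshake-failed"; return 0; fi
    if [ "$1" -ne 0 ]; then echo "transport-error"; return 0; fi
    case "$2" in
        200) echo "ok" ;;
        401) echo "client-cert-not-authorized" ;;
        404) echo "unknown-epid-group-id" ;;
        5??) echo "service-error" ;;
        *)   echo "unexpected-status" ;;
    esac
}

# Usage: check_sigrl "<gid bytes>" client.key client.crt   (needs network)
check_sigrl() {
    url_gid=$(gid_le_to_url "$1") || { echo "bad-gid"; return 2; }
    http=$(curl -sS --tlsv1.2 --key "$2" --cert "$3" -o /dev/null \
                -w '%{http_code}' "$IAS_BASE/sigrl/$url_gid") && rc=0 || rc=$?
    classify_sigrl_result "$rc" "$http"
}
```

A result of `unknown-epid-group-id` means the client certificate was accepted far enough to reach the API, so the CSR and registration are not the problem at that point.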
