
802.1 Provisioning Issue

idata
Employee

Hi

I've run into an issue with AMT provisioning on a Lenovo M91p running firmware / MEI 7.x.

Running the provision from SCCM with SP2 installed. I can fully provision a device without using the 802.1x and wireless options on the OOBM settings, but when configuring the 802.1x and wireless options I get the following information in the log:

Error: Failed to add a new Trusted root certificate,Device does not support the certificate format.

Error: Failed to add a new Trusted root certificate,return value:2063.

Error: Failed to finish critical setup and configuration step. (AMTWSManUtilities::AddCertificate)

Warning: CSMSAMTProvTask::StartProvision Fail to call SetWirelessServerCertificate

Begin to set Wired 8021x Profile...

No Trust Root Certificate

The wired profile is invaid. Skip adding...

I have both imported the .CER and tried pulling directly from the issuing CA - but still get the same issue.

Are there any specific settings related to the Trusted Root Cert? Do I need the entire Cert chain as well?

We use a CA with issuing CAs on 2008.

Thanks

Ian

idata
Employee

I've worked out the problem: we need to use a shorter Root Cert. Ours is currently 4096, whereas we should be using a key length of no greater than 2048 for AMT.

I didn't run into the issue up to now as we use a Comodo Cert for provisioning.

The giveaway was:

Error: Failed to add a new Trusted root certificate,Device does not support the certificate format.

Error: Failed to add a new Trusted root certificate,return value:2063.

Solution:

Build a second CA with a Root key of 2048 in length, and issue this for purposes of 802.1x.

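Added example, not part of the original thread: a pre-flight check that reads the RSA key size out of a DER-encoded (binary .CER) root certificate, so a root above the 2048-bit limit reported above is caught before provisioning fails with return value 2063. All function names are assumptions, and `sample_cert` builds a constructed, unsigned certificate skeleton purely as test input.

```python
AMT_MAX_RSA_BITS = 2048  # root key limit reported in the thread above
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Return the elements nested directly inside buf[start:end]."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_key_bits(der):
    """RSA modulus size in bits of a DER certificate, or None if not RSA."""
    _, start, end = read_tlv(der, read_tlv(der, 0)[1])  # Certificate -> tbsCertificate
    fields = children(der, start, end)
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # optional [0] version
    alg, key = children(der, fields[5][1], fields[5][2])  # subjectPublicKeyInfo
    oid = read_tlv(der, alg[1])
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    mod = read_tlv(der, read_tlv(der, key[1] + 1)[1])  # skip unused-bits octet
    return int.from_bytes(der[mod[1]:mod[2]], "big").bit_length()

def exceeds_amt_limit(der):
    """True when the certificate carries an RSA key above 2048 bits."""
    return (rsa_key_bits(der) or 0) > AMT_MAX_RSA_BITS

def _tlv(tag, body):  # DER-encode one element; only used to build the sample
    size = (len(body).bit_length() + 7) // 8
    head = [len(body)] if len(body) < 0x80 else [0x80 | size, *len(body).to_bytes(size, "big")]
    return bytes([tag, *head]) + body

def sample_cert(bits):
    """Constructed, unsigned certificate skeleton with an RSA key of `bits` bits."""
    mod = _tlv(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00" + _tlv(0x30, mod + _tlv(0x02, b"\x01\x00\x01"))))
    tbs = _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"") * 4 + spki
    return _tlv(0x30, _tlv(0x30, tbs) + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
```

For a real root, pass the bytes of the DER-encoded .CER file to `exceeds_amt_limit`; a Base-64 encoded export has to be converted to DER first.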