EMA PKI Certificate is not displayed under available certificates

Dawid9 · ‎05-11-2023

Hello

I have a ema server running and now the PKI cert expired. I got a new cert from DigiCert. Imported it and under the certicicates it is shown as "PKI Certificate". I noticed that DigiCert changed there cert chain.
The new certification chain is: DigiCert Global Root G2 --> DigiCert Global CA G2 --> newCert
The old certification chain was: DigiCert Global Root CA --> DigiCert SHA2 Secure Server CA --> oldCert

Under "Intel AMT autosetup" --> "Available Certificates" there are not certificates. The new one isn't selectable or visible. The expired is not visible as well.

The old cert was installed when EMA was in version 1.7.1.0. Now it's in version 1.10.1.0.

Does anyone has an idea how I can fix the issue an make use of the new certificate?

Regards

MIGUEL_C_Intel · ‎05-11-2023

Hello, Dawid9,

I understand the new Certificate was installed into the Settings tab of the EMA web console and you can see the 3 lines of the Certificate chain. When you try to select the new Cert, the AMT auto setup is not showing any of the Certificates. We should see at least the old certificate.

1- DigiCert Global Root G2

2- DigiCert Global CA G2

3- newCert

Are both Certificates at the personal store of the IIS?

Did you restart the EMA services or the server after adding the new Certificate?

If the problem continues, please send me the EMA server log.

Path: [System drive]\Program File(x86)\Intel\Platform Manager\EmaLogs

Regards,

Miguel C.

Intel Customer Support Technician

Dawid9 · ‎05-12-2023

I reinstalled the certificate and that did the trick. Thanks

MIGUEL_C_Intel · ‎05-12-2023

Hello, Dawid9,

I am glad the new Certificate worked with your Intel® EMA configuration.

Thank you for using our products.

Regards,

Miguel C.

Intel Customer Support Technician