- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I'm trying remote configuration using Windows\Intel_Manageability_Configuration\Bin\ConfigurationServer.exe
available in AMT SDK. Bought the provisioning certificate from godaddy and exported to pfx
Created the full chain certificate file(private key, publickey,rootca publickey, intermediate ca publickey) using following command
openssl pkcs12 -in FullChain.pfx -out FullChain.pem –nodes
Root ca file(rootca publickey, intermediate ca publickey)using following command
openssl pkcs12 -in FullChain.pfx -cacerts -out rootCert.pem
I used defaul.cof.xml and changed the necessary settings
When the configuration server receives hello packet, provisioning is failed with following message
=======================================================
[2011-06-08 12:50:23] Incoming Connection from x.x.x.x:16994
Incoming data is:
Configuration version: PKI Configuration
Count : 0
UUID : E06C0792-7535-11E0-AADD-04175D769909
reading configuration from default.conf.xml
>> Starting configuration call sequence <<
Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
Failed while calling Soap call GetCoreVersion. AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
- failed to establish connection with AMT
- attempt to connect using default credentials...
Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
Failed while calling Soap call GetCoreVersion. AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
- failed to establish connection with AMT
Aborting configuration
Warning: SetProvisioningParameters() failed
==============================================
Reason for failure may be due to order of certificate in fullchain.pem, if I change the order of certificate like (private key, publickey,intermediate ca publickey,rootca publickey)
root ca public key as last certificate then able to configure AMT properly.
Is the above error related to order of certificate in FullChain.pem, if so how we can create FullChain.pem having root ca as last certificate?
Thanks,
Mani
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mani,
You found the solution to the problem exacty. The TLS stack expects the order of certificates in the PEM to be leaf-intermediate CA-...-Root CA, but OpenSSL does not create a PEM in this order when there are intermediate CA certificates.
The SCS looks for certificates in the certificate store and does not have this problem.
regards,
Dick
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page