Community
cancel
Showing results for 
Search instead for 
Did you mean: 
MPala11
New Contributor II
901 Views

Godaddy certificate with configuration server

Hi All,

I'm trying remote configuration using Windows\Intel_Manageability_Configuration\Bin\ConfigurationServer.exe

 

available in AMT SDK. Bought the provisioning certificate from godaddy and exported to pfx

Created the full chain certificate file(private key, publickey,rootca publickey, intermediate ca publickey) using following command

 

openssl pkcs12 -in FullChain.pfx -out FullChain.pem –nodes

Root ca file(rootca publickey, intermediate ca publickey)using following command

 

openssl pkcs12 -in FullChain.pfx -cacerts -out rootCert.pem

 

 

I used defaul.cof.xml and changed the necessary settings

 

When the configuration server receives hello packet, provisioning is failed with following message

 

=======================================================

 

[2011-06-08 12:50:23] Incoming Connection from x.x.x.x:16994

 

Incoming data is:

 

Configuration version: PKI Configuration

 

Count : 0

 

UUID : E06C0792-7535-11E0-AADD-04175D769909

 

reading configuration from default.conf.xml

>> Starting configuration call sequence <<

Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable

 

Failed while calling Soap call GetCoreVersion. AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable

 

- failed to establish connection with AMT

 

- attempt to connect using default credentials...

 

Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable

 

Failed while calling Soap call GetCoreVersion. AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable

 

- failed to establish connection with AMT

 

Aborting configuration

 

Warning: SetProvisioningParameters() failed

 

==============================================

 

Reason for failure may be due to order of certificate in fullchain.pem, if I change the order of certificate like (private key, publickey,intermediate ca publickey,rootca publickey)

 

root ca public key as last certificate then able to configure AMT properly.

 

Is the above error related to order of certificate in FullChain.pem, if so how we can create FullChain.pem having root ca as last certificate?

Thanks,

 

Mani

 

1 Reply
idata
Community Manager
74 Views

Mani,

You found the solution to the problem exacty. The TLS stack expects the order of certificates in the PEM to be leaf-intermediate CA-...-Root CA, but OpenSSL does not create a PEM in this order when there are intermediate CA certificates.

The SCS looks for certificates in the certificate store and does not have this problem.

regards,

Dick

Reply