we have a VPN server with SSTP connection, which authenticated by user credentials and Server certificate on 2012 R2.
Now i must implement SSTP connection with user credentials and user certificate.
I found that there are many solution to store user certificates not in their OS, but in the TPM or IPT. Fine.
maybe has someone the documentations how to configure all this?
how i can import the certificates into IPT?
how i can say to VPN client - hey, please use a certificate from IPT?
thank you very much!
there is Intel Use Case Reference Design for IPT used for VPN login. Unfortunately I have only little personal experience with this.\
check https://downloadcenter.intel.com/download/21324/Intel-vPro-Technology-Use-Case-Reference-Design-Inte... Download Intel vPro Technology Use Case Reference Design – Intel IPT with PKI
Intel EMEA Biz Client Solution Architect
Thank you Dariusz,
now i'm trying to install the Intel_IPT_PKI_x64_v220.127.116.11 on Windows 10 x64 on NUC6i3SYK, but i get an error, though all required components are installed. maybe i missed something?
you are missing propper HW platform.
Within Intel IPT overall technology envelope - the PKI (HW cert store provider) is supported by Intel Core vPro platforms (Core i5 vPro, Core i7 vPro) ONLY.
The propper Intel NUC for this is Intel® NUC5i5MYHE.
This is the only current Core vPro model of Intel NUCs.
Your system supports IPT One Time Password and Intel Protected Transaction Display.
could you please tell whether OS X supports ITP ?
i have i MacBookAir with i7-4650U that supports vPRO. Can i use it to store users certificates?
Unfortunately Apple decided to not build vPro platforms.
There is Intel ME FW component of vPro Platform. For vPro it has to be Enterprise FW (5/6 MB) while for consumer platforms it is basic ME FW 1,5/2 MB image that do not support IPT PKI neither vPro/AMT.
Intel IPT PKI SW does not support OS X as well.