Hi!
I have installed Intel EMA and have provisioned Intel AMT with an on-prem PKI computer certificate.
When entering https://"ipaddress or machinename":16993 we get a certificate error since "Intel EMA" has enrolled a computer certificate issued by "MeshRoot-355549D0".
Why is Intel EMA doing this?
Intel EMA has also enrolled a Computer Certificate from our internal Microsoft CA and uses that fine for 802.1x authentication. That certificate also contains http/dnsname:16993 in the Subject Alternative Name.
It should not be necessary that Intel EMA bind and issue a certificate issued by "MeshRoot-355549D0" when we are using our internal Microsoft CA.
Please fix this!
Hello Horgster,
Thank you for contacting Intel Customer Support.
We are going to email you answering all your questions.
Best regards,
Sergio S.
Intel Customer Support Technician
Community - the post below was inaccurate and mis-posted by me and was a response for a different thread. The post below from Horgster is most accurate.
To close on this thread for the community, we met with the customer for troubleshooting and found that TLS was disabled by the OEM on the systems exhibiting the issues with AMT v.9xx.
I am afraid you are mixing this with another case.
According to Intel, this is by design, as certificates used in TLS are generated by Intel EMA's own built-in certificate authority. The exception to this is when you are using 802.1x authentication; then Intel EMA uses your own internal on-premises CA.
I hope Intel will add this on the roadmap to use the internal CA for the TLS and WebPage binding also.
It does not make any sense that Intel EMA shall use its own built-in CA when the customer has its internal Microsoft CA PKI infrastructure.
Horgster,
Thank you for pointing this out and bringing it to my attention. Your description is accurate and I will mark it as such. Just a note that this is in our backlog for future versions of EMA; however, there is no ETA as to when it will be implemented.
Regards,
Michael