Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Intel EMA. Problem updating PKI certificate for AMT provisioning

FFern4
Novice
2,627 Views

Hi

I have a Intel EMA server (version 1.3.3.1). The PKI certificate for AMT provisioning is close to expire. I have buyed a new one, and when I tried to upload it, the process failed. 

The new certificate was not uploaded, and the old one does´t appear in the settings tab. Instead of it, the following error appears:

  • Internal Server Error. Please contact the administrator

However, the old certificate seems to be active as it is still possible to provision AMT devices.

It is not possible to upload any certificate. It fails all the times

I have created a new tenant for testing, and the behavior is the same. If I remove the old certificate before uploading the new one, it works, but if I try to upload the new one without removing the old one, it fails and the server remains with the internal server error

How could I fix this issue?

Thanks in advance

 

Fernando

0 Kudos
12 Replies
JoseH_Intel
Moderator
2,617 Views

Hello FFern4,


Thank you for joining the Intel community


Make sure you are following the steps depicted in the section 3.3 Upload a PKI certificate of the Intel EMA User Guide: https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-admin-and-usage-guide.pdf#page=22


If done correctly and the issue persists please let me know so we can see if this is a expected behavior of the software not accepting more than 1 CA at the time


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
FFern4
Novice
2,609 Views

Hi Jose

Thanks for your answer.

I think I am uploading the PKI properly. I have different tenants, I have been able to upload certificates without problems. But when I try to upload the new certificate to replace the old one that is close to expire, it fails.

The problem seems to be related to the issue that the second certificate is the same (for the same domain) that the first one, just with a different expiration date. In the past, I was able to upload two certificates, but for different domains. If I remove the first certificate (in a new tenant created for testing), I am able to upload the new one, so I think I am doing the uploading process properly

There is an additional issue: when the certificate is used by an AMT profile, it is not possible to remove the certificate. Anyway, in the tenants where I tried to upload the new certificate, the old certificate is missing and no certificates can be uploaded at all, as the server is in an error state.

Internal Server Error. Please contact the administrator

 

FFern4_0-1612526723693.png

 

Best Regards

Fernando

0 Kudos
JoseH_Intel
Moderator
2,597 Views

Hello FFern4,


Let me research on this and I will let you know soon


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
JoseH_Intel
Moderator
2,591 Views

Hello FFern4,


Can you please provide the log stored in the following location:


C:\Program Files (x86)\Intel\Platform Manager\EMALogs 


I will look forward for your updates


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
FFern4
Novice
2,586 Views

Hi

Find attached the logs. I have reproduced the problem just before copying the log files

Best regards

Fernando

0 Kudos
JoseH_Intel
Moderator
2,577 Views

Hello FFern4,


Thank you for the logs. Please allow us some time in order to analyze them. We will let you know our findings.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
JoseH_Intel
Moderator
2,408 Views

Hello FFern4,


By any chance have you tried to contact the certificate vendor for assistance about this issue? If not we suggest if could be helpful to create a parallel ticket related to this.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
FFern4
Novice
2,405 Views

Hi

The certificate vendor is Goddady.

We have not contacted Goddady. Certificates seem to work fine. The only problem is when updating the certificate in Intel EMA.

I could send you the certificates in a private message for testing in your lab

Regards

Fernando

0 Kudos
JoseH_Intel
Moderator
2,395 Views

Hello FFern4,


Thank you for the update. Please do not send the certificate through a public thread. Instead you can attach some screenshots of the certificate store where the current certificate is installed. But please also check with GoDaddy for any inconsistencies on your new certificate file.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
JoseH_Intel
Moderator
2,341 Views

Hello FFern4,


Do you have any updates, questions or comments in regards to this issue? Please do not hesitate to contact us back. If you consider the issue to be completed please let us know so we can proceed to mark this thread as closed. I will try to reach you by a last time on next Monday 1st. After that the thread will be automatically archived.


Regards 


Jose A.

Intel Customer Support Technician


0 Kudos
JoseH_Intel
Moderator
2,319 Views

Hello FFern4,


We will proceed to mark this thread as closed. If you have further issues or questions just go ahead and submit a new topic.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
FFern4
Novice
2,278 Views

Hi

Sorry for the late response. I have been sick and I have no worked for several days.

My fellows had to remove the tenants and create new tenants to load the new certificate. It was not possible to load the new certificate if the old one was already uploaded.

Godaddy didn´t find anything wrong in the new certificate

Regards

Fernando

0 Kudos
Reply