Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

Need help: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable


We need some help. We are receiving an SSL error when attempting to remote configure our Dell notebooks

We have a Go Daddy CA for provisioning our Dell notebooks. However, we are still unable to remote configure our vPro equipped systems.

Lan Setup:

Our Active Directory suffix is mycompany.corp (.corp is our AD Zone)

Our DHCP option 14 issues a suffix of (.com is our Unix based zone)

Our Go Daddy CA is

Our RCS server is

Error message from one of our notebooks:

Operation: Configuration


Date and Time: 8/22/2016 11:13:55 AM


Error Code: 3221246495


Severity: Failure


UUID: 4C4C4544-0030-3810-8047-C2C04F565931




Intel AMT IPv4:


Server Name: pbvproap01.mycompany.corp


Description: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable.


Failed while calling


WS-Management call


GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error


0xc000521c: A TCP error occurred. Make sure that the destination settings are correct and that a network connection exists to the target.


Valid certificate for PKI configuration not found.
0 Kudos
1 Reply

Please check your GoDaddy certificate:

  1. Is it installed in certificate store of user running RCS Service (if RCS is run as Network Service it will be Computer certificate store)
  2. Is it Intel AMT Provisionig certificate?It should contain an Intel AMT unique OID (2.16.840.1.113741.1.2.3) in EKU if possible. It must contain the "SSL Server" OID (an IANA pre-defined OID). (this is what GoDaddy inserts into EKU when you select "certificate for Intel vPro"


    — OR —


    The OU value in the Subject field must be "Intel(R) Client Setup Certificate". This OU value is case-sensitive and must be entered exactly (without quotation marks). (this is used by other Root CAs)



  3. If it was issued recenly it is SHA256 certificate for sure. SHA256 certificates are supported by Intel AMT FW 6.0x or newer only.
  4. Does its trust chain start with Go Daddy Class 2 CA with SHA1 Fingerprint: ‎27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4?


    Newer Go Daddy Root CA-G2 is supported by Intel AMT 11, and updated/recent versions of AMT FW 8,9.x,10. Those updated versions may be not made available by Dell for your HW.


    You may need to install GoDaddy G1 to G2 Cross Certificate gdroot-g2_cross.crt to rebuild trust chain to Go Daddy Class 2 CA (and Restart RCS).


Dariusz Wittek


Intel EMEA Biz Client Solution Architect


0 Kudos