I am trying to set up vPro on our corporate network for the first time and had a cert question. In order to remotely configure the computers (we will be working with over 10,000 Windows 7 computers running AMT 7 or higher) is a public certificate that matches one of the ones hard coded into the vPro chipset required? We are looking at having a zero touch configuration that will allow for KVM control over the computer (probably with RealVNC+) without any user consent. We will be using Active Directory Integration and adding groups for the ACL for access. The database and server will be running on Server 2008 R2. I am kinda new at this so let me know if I am missing any information for an answer. We will also be using SCCM 2012 for our deployment more than likely. Thanks.
Using a certificate acquired from one of the supported certificate authorities is best practice. Especially if you're looking to remote configure that many computers. Here is a guide for each of the supported certificate authorities.
https://www-ssl.intel.com/content/www/us/en/remote-support/intel-vpro-certificates.html Intel® vPro™ Technology Provisioning Certificates
After receiving a provisioning certificate, you will want to use SCS 9 to configure them.
https://www-ssl.intel.com/content/www/us/en/software/setup-configuration-software.html Intel® Setup and Configuration Software (Intel® SCS)
If you do end up using SCCM 2012, you can integrate SCS 9 using the SCS Add-on.