My home PC is an Ivy Bridge AMT, and I can OOB remote control it over the Internet using VNC Plus. I want to enable TLS security. Is it possible to enable TLS without a Windows domain PKI or purchasing a cert from a public CA? I own a public domain and use a dynamic DNS Windows service running on my PC to update DNS when my ISP changes my IP address.
I have created a self-signed cert using Win7's Certificates MMC snap-in (and converted it to .pem format using http://tinyurl.com/amys52), but when I run through the AMT Configuration Utility to enable TLS using the "Use certificate from file" option, I get the error "Failed to configure this Intel AMT device. Error found with the supplied certificate". Am I flogging a dead horse here? Even if I get the cert format right, will I be able to securely OOB remote control without user interaction authorising the incoming VNC connection?