- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I have setup EMA, 1.4.0.0, got our domain and the server all publicly setup, all access sorted on the firewall. I have got a SSL cert with the AMT OID, and all aligned to the server, converted and installed .cer file in completing CSR on IIS.
Exported the new import as .pfx, then installed in IIS.
Setup new endpoint group, created Wi-Fi profile, installed certs into settings, setup AMT profile, all good.
CIRA deployment test works fine, but the TLS part fails with "enable to get activation certificate from database". I am a little stumped, it all looks good, and if I check the appropriate SQL table the cert is listed.
Has anyone seen this please?
Regards, Si
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jose,
The version of EMA is 1.4.0.0, however I managed to fix this. I was looking at the SSL certificates, and although I'd re-assembled the chain of certs and imported into EMA, successfully (publicly issued SSL cert) for some reason the intermediate and root cert didn't appear in the list. So I converted those to .cer files and imported those as 'non PKI' certificates and it's all working.
When I built my last platform I'm not sure if I did the same, but we did have lots of issues on that one as the SSL supplier issued my first certificate without the Intel AMT OID, so it had to be re-created.
Anyway, good news is now working, so it was just the certs that were the issue in the end thankfully, just couldn't work out why I was getting the message. I presume that the TLS provisioning needs all 3 certificates in the chain to be imported and visually present int he EMA configuration GUI to reflect they are in the DB and working, and all three need to be there (i.e. Root-Intermediate-Device).
Regards,
Simon
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Beginner,
Thank you for joining the Intel community.
Are you using a commercially available certificate or are you trying to implement your own certificate?
We'll look forward for your updates.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi JoseH,
It's a Sectigo supplied cert with the Intel AMT specific OID. It has worked on another platform I setup inthe same way, it's just this one for some reason is giving this error. I setup the first platform on 1.3 version of EMA, this I installed as 1.4.0.0, but apart from that it's all the same. I have had the cert re-issued, and un-installed/re-installed all elements including SQL/IIS etc.
Regards,
SW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Beginner,
Thank you for the update. Could you tell the OEM and AMT version of this particular system showing the error? Are you using remote configuration to try to provision it?
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jose,
The version of EMA is 1.4.0.0, however I managed to fix this. I was looking at the SSL certificates, and although I'd re-assembled the chain of certs and imported into EMA, successfully (publicly issued SSL cert) for some reason the intermediate and root cert didn't appear in the list. So I converted those to .cer files and imported those as 'non PKI' certificates and it's all working.
When I built my last platform I'm not sure if I did the same, but we did have lots of issues on that one as the SSL supplier issued my first certificate without the Intel AMT OID, so it had to be re-created.
Anyway, good news is now working, so it was just the certs that were the issue in the end thankfully, just couldn't work out why I was getting the message. I presume that the TLS provisioning needs all 3 certificates in the chain to be imported and visually present int he EMA configuration GUI to reflect they are in the DB and working, and all three need to be there (i.e. Root-Intermediate-Device).
Regards,
Simon
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page