TLS server authentication

I need help on TLS server authentication. I'm developing an AMT management console from scratch. AMT remote configuration already works but I can't create a watchdog on the device (in Enterprise mode). All API calls return an error 22, which means that I can't establish a connection with the device. I've encountered this error before in SmallBusiness mode when my password, username or target IP is wrong. How exactly should I handle server authentication? The root certificate of the certificate chain I sent to the device is already trusted. Aside from username and password, what other parameter should I use in order to communicate with AMT using TLS? I've read that I need to specify the certificate name, but I don't know which certificate in the chain to use.

I hope somebody out there can help.

target format used: "https://xxx.xxx.xxx.xxx:16993/servicename"

Finally, I got it working! Now, I know that for TLS server authentication only the server is authenticated. I don't need to specify any certificate in order to connect to AMT.

Great news! I'm glad you got it working, Virtual Walker!

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Hi,

I am also using server authentication for the local interface. I know that we need not pass any certificates for it to work. But it looks like I have to sign the certificate that iAMT passes to the local interface for it to work. Please let me know if you have any idea.

thanks,

uday.

Hi, I don't fully understand your last message, but will try to answer. When Intel AMT is in server authentication, it will use TLS for both local and remote interfaces and the console or agent don't need to provide their own certificate. This said, the Intel AMT certificate must be valid in time, have the certificate name matching the name you used to connect to the computer and correct certificate key usages.

When connecting to the local interface, do not use "127.0.0.1" or "localhost" but rather, use the full name of the computer "amtcomputer.testlab.com" or something like that. You must connect using the same name as the name in the certificate, even if you are doing a local connection. This way, the certificate name matching will work.

Hope this helps,
Ylian (Intel AMT Blog)
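
An added example, not part of the thread or of Intel's SDK: a small diagnostic for the name-matching and validity conditions described in the post above, run against a certificate in the dict form that Python's `ssl.SSLSocket.getpeercert()` returns. The function names and the sample certificate are constructed for illustration; key usage is not checked because that dict does not expose it.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "amtcomputer.testlab.com"),),),
    "subjectAltName": (("DNS", "amtcomputer.testlab.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

def cert_names(cert):
    """Names the certificate is valid for: SAN entries first, CN as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ())
            if k in ("DNS", "IP Address")]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def diagnose(cert, connect_name, now=None):
    """Return the reasons server authentication would fail (empty list = OK)."""
    now = now or datetime.now(timezone.utc)
    problems = []
    names = cert_names(cert)
    if not any(name_matches(n, connect_name) for n in names):
        problems.append(f"name mismatch: connected as {connect_name!r}, "
                        f"certificate is for {names}")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now.timestamp() <= not_after:
        problems.append("certificate is outside its validity period")
    return problems

if __name__ == "__main__":
    for name in ("localhost", "127.0.0.1", "amtcomputer.testlab.com"):
        print(name, "->", diagnose(SAMPLE_CERT, name) or "OK")
```
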

Hi,

Have you successfully set the AMT certificate using SetTLSKeyAndCertificate API?

virtual walker