Configuration of the tunneling proxy depends on the product used. The following parameters are based on the stunnel product, which can be downloaded from http://www.stunnel.org. The stunnel configuration file as downloaded is usable for Intel AMT purposes, with the following modifications:
• CAfile is set to the path to the trusted root certificate used to validate the Intel AMT device’s client certificate.
• cert must be set to a path to the server certificate used to authenticate to the Intel AMT platform. It must trace to the trusted root certificate installed in the Intel AMT platform by the setup and configuration application. Starting with Release 4.0, Intel AMT validates that the certificate was issued for server authentication (created with the OID 18.104.22.168.22.214.171.124.2). This certificate must meet the requirements of TLS 1.0 RFC 2246, including the requirements that when a key usage extension is present, the digitalSignature bit must be set for the key to be eligible for signing and the keyEncipherment bit must be present to allow encryption.
• key is a path to the private key associated with the certificate.
• accept is the port that the Intel AMT platform uses to connect to the MPS. Stunnel listens on this port and forwards connections to the MPS using the value in the connect parameter.
• connect is the IP address and port that stunnel uses to send data received from the Intel AMT platforms to the MPS. If stunnel runs on the same platform as the MPS, the IP address will be 127.0.0.1, or the value can be written as localhost:port#.
See the file stunnel.conf in the SDK located in the MPSModule_<version>.zip file at \Bin\Conf.
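A pre-deployment check for the options listed above, as an added example (not part of the SDK or of stunnel): it parses stunnel.conf text, reports any of the five options that is unset, and flags an accept/connect pair that would make stunnel forward to its own listener instead of the MPS. The [mps] section name, the paths and the ports in the samples are constructed placeholders.

```python
import ipaddress

# The five options this page lists for the MPS tunnel (matched case-insensitively here).
REQUIRED = ("cafile", "cert", "key", "accept", "connect")

def parse_conf(text):
    """stunnel.conf text -> {section: {option: value}}; 'global' holds lines before any [section]."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            conf[section][name.strip().lower()] = value.strip()
    return conf

def endpoint(value):
    """Split '[host:]port' into (host, port); host is '' when only a port is given."""
    host, _, port = value.rpartition(":")
    return host.strip("[]"), int(port)

def is_local(host):
    """True for an omitted host, 'localhost' or a loopback address literal."""
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def lint(text, service):
    """Return the problems found for one service section (empty list: none found)."""
    conf = parse_conf(text)
    opts = {**conf["global"], **conf.get(service, {})}
    problems = [f"missing: {name}" for name in REQUIRED if not opts.get(name)]
    if opts.get("accept") and opts.get("connect"):
        a_host, a_port = endpoint(opts["accept"])
        c_host, c_port = endpoint(opts["connect"])
        # Same port on this host: stunnel would forward to its own listener, not to the MPS.
        if a_port == c_port and is_local(c_host) and (is_local(a_host) or a_host == "0.0.0.0"):
            problems.append("accept and connect use the same local port")
    return problems

# Constructed samples: paths, ports and the [mps] section name are placeholders.
GOOD = "CAfile = conf/root.pem\n[mps]\ncert = conf/mps.pem\nkey = conf/mps.key\naccept = 4433\nconnect = 127.0.0.1:4432\n"
BAD = GOOD.replace("CAfile", ";CAfile").replace("4432", "4433")
```

Calling `lint(BAD, "mps")` reports the commented-out CAfile and the port collision; an empty list means none of these checks fired, not that the certificates themselves are valid.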
Copyright © 2006-2022, Intel Corporation. All rights reserved.