Intel vPro Expert Center Blog
3 Posts tagged with the godaddy tag
Going with GoDaddy
GoDaddy is one of the more popular sources for SSL certificates that support remote configuration. But GoDaddy doesn't take security lightly and will do a good bit of homework to validate that you are authorizated to recieve a Deluxe High-Assurance certificate on behalf of your organization. In order to make your purchasing process smooth and successful, here are some tips.
Bill York wrote an excellent blog on how to order such a certificate from GoDaddy that can be found at: http://communities.intel.com/openport/blogs/proexpert/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration. Start by reading this article to familiarize yourself with the technical steps to complete the order. There are some tips below for setting up a new account that you may want to refer to as you start to follow his steps.
GoDaddy performs a good deal of "due diligence" research before they will issue a Deluxe High-Assurance SSL certificate. You can help to ensure the ordering process goes smoothly by anticipating the GoDaddy requirements to facilitate their research.
The "checks" that GoDaddy needs to perform are: domain authorization, corporate document approval, and online and verbal phone verification. You can see the on-going status of these steps when you log into your GoDaddy account after placing your order. As each step is completed, the icon next to that step will change in the Certification Steps Status page, shown below:
Account Setup
But prior to even ordering your SSL certificate, if you have to create a new account, be sure to use your company's formal legal name. GoDaddy will attempt to look up the company in a database, such as your state's list of registered companies maintained by the Secretary of State to see if your company is established. If not found, you may need to supply a letter of authorization from the company on letterhead for "Corporate Documents Approval" (see below).
Also be careful with your company address and phone number. GoDaddy will lookup your company in a online phone directory for the "Corporate Phone Number Found" step. If your business and location are listed with a phone number where you can be reached, you are in good shape since they are going to want to call a published phone number and be transferred to your extension.
If you are in a remote office that is not listed in a directory, be prepared to supply a phone bill in your name where you can be reached instead. Your mobile or home phone may be used if you cannot get a transferred call from an office that resolves to your business in a db like Yellowpages.com or Yellowbook.com. If you know that your address and office number will not be found in an online directory, have a copy of a phone bill (mobile or home) on an account in your name available to fax to them.
When ordering your Deluxe High-Assurance SSL certificate, be sure to follow the instructions from the articles shown above to generate the CSR and specify the appropriate OU to equal "Intel(R) Client Setup Certificate". Once the order is placed, you can start to monitor the status of your order.
Administrative Approval
As soon as you place the order, check the WHOIS lookup for your domain by using the link on the form or another method. Then, call or email your internal administrative contact for the domain to let them know to expect an email from GoDaddy requesting authorization for the certificate. Ask that person in your organization to let you know when they've replied and log back in to check the status after they do. The first three steps, "CSR Being Generated", "WHOIS Lookup Being Performed", and "Awaiting Administrative Approval," should be completed at this point. If not, you may want to call GoDaddy Technical Support to let them know of your progress.
Corporate Document Approval
At that time while you have GoDaddy on the phone, inquire as to whether they can find your company in the Sec. of State database and if not, verify what will substitute for Corporate Document Approval. In some cases, be prepared to submit Articles of Incorporation or copies of a SEC filing at this stage if necessary.
In other cases, you will need to fax a letter that includes the date and CommonName for the certificate signed by the department manager that authorizes you getting the certificate. This manager's position or title will need to be verified through either an on-line directory on your company's web site or by calling your HR department or contact. If you know that person's position or title cannot be verified on-line by GoDaddy, include the phone number for HR in the letter.
Corporate Phone Number Found
At this point, GoDaddy may need to forward your corporate documents to an administrative researcher within GoDaddy and there may be a delay for the documents to be verified. After this is done, and your "Corporate Document Approval" step status changes from In Progress to Completed, you may want to call Technical Support to help them find the best phone number to reach you at in an online directory. If this doesn't work for your phone number, ask for the Request for Verification form that you can complete and fax with the phone bill described above.
Once they have found the right number to call or received your phone bill and Request for Verification form, all that is left is to wait for the call. Verbally verify your identity and soon the certificate will be issued. In some cases, GoDaddy has sent an additional certificate with a P7X file extension, along with instructions on how to install it. I've not seen a case where the installation of this was necessary, and it may only serve to confuse you. You should only need to install the SSL cert for your domain in accordance with the documentation for your management console or provisioning server such as Intel's Setup and Configuration Service (SCS).
Remember, your certificate needs to have a CN matching the domain suffix of the machine where it will be installed and an OU matching "Intel(R) Client Setup Certificate" in the details of the Subject field. Also, the cert will need to "chain up" to the GoDaddy trusted root cert with a thumbprint matching one of the pre-installed trusted root CA thumbprints in the AMT firmware. For more information about certificate format requirements, installation of this cert, and other PKI-related questions regarding remote configuration, as alway,s a good place to look online is here at the vPro Expert Center.
Best of luck in getting going with GoDaddy!
The following information contains the detailed steps used to order a Remote Configuration Client Certificate from GoDaddy. There are many methods that can be used, but this was tested and validated that the certificate worked for both SMS and SCCM SP1 to provide Remote Configuration Provisioning to vPro clients.
SUMMARY: You will be required to prove that you, or your company, own the rights to the domain for which you are applying for this certificate. In the following example, I first registered my lab domain before ordering my Remote Configuration Certificate. I also needed a Company representative to submit a letter of approval (Company Letterhead) to GoDaddy giving me authority to request this certificate. I also tested the certificate I received from GoDaddy did work with Remote Configuring AMT clients in SMS and SCCM SP1 environment.
Key items that are detailed in the steps below that were required to get my certificate:
○ Certificate type must be a Deluxe Assurance SSL certificate
○ Certificate request is for an Organization
○ OU = Intel(R) Client Setup Certificate
○ CN = ServerName.domain.com (this must be the FQDN of the Provisioning Server for Remote Configuration generating the CSR)
○ Organization = The legal name of your organization that can approve your certificate request
○ Required Documentation to be submitted (Driver's License, Bank Statement, and Approval Letter on Company Letterhead)
STEPS TO PURCHASE THE REMOTE CONFIGURATION CERTIFICATE
1. Go to GoDaddy Web site: www.godaddy.com
2. Select the SSL Certificate link: https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979
3. From the SSL Certificate page, choose the Deluxe SSL certificate and click ADD
a. select Single (your choice of 1, 2, or 3 years) for a single Domain environment
b. Unlimited Subdomains - wild cards are support for version of AMT 2.6 / 3.2 and higher
4. In the next screen, you will be prompted to customize your order. No additional items are necessary on this screen, select Continue
5. At the Checkout Now screen, you should see the Deluxe Assurance SSL certificate (other options may vary if you selected additional items to purchase)
6. In the Billing information Window, make sure to include your valid company name. You will be required to have someone from your company submit an approval letter for this certificate request on company letterhead (more detailed steps to follow).
7. After you fill out your billing information, you will need to login to your account to configure the certificate you have just purchased.
8. After logging in to your account, select Manage SSL Certificates.
9. You will see you have an available credit in the Secure Certificates, Click Set up Certificate link and Click Activate Account
a. You may need to Login in to your account or Create a new Certificate account - this is different than your GoDaddy Account
10. Select the Deluxe High-Assurance SSL Certificate and Click Request Certificate
11. Select Corporate option in Step 1
Fill out Personal Information in Step 2, including your company name
Generate you CSR and paste text in the box provided in Step 3 (make sure to indicate the type of server used to produce CSR)
They provide a link in Step 3 on How to generate a CSR (follow these steps).
The CSR MUST include the following fields to be a valid vPro Remote Configuration Certificate and approved by GoDaddy:
OU = Intel(R) Client Setup Certificate
CN = ServerName.domain.com (this must be the FQDN of the Provisioning Server for Remote Configuration generating the CSR)
Organization = The legal name of your organization that can approve your certificate request
12. After you paste your CSR information and click Submit, your request will be routed to GoDaddy and they will follow up via email for next steps.
13. You will be asked to send them two forms of Identification (Driver License and Bank Statement)
14. Additionally, you will be asked to have someone within your company provide an approval letter on company letterhead stating that you have the authority to request the SSL certificate for this server and domain.
15. After GoDaddy has validated the required documentation, they will send you an email stating that your SSL certificate is available.
16. You can now download your SSL certificate and apply it to your IIS Web Server on your requesting Provisioning Server.