This content has been marked as final. Show 1 reply
Please check your GoDaddy certificate:
- Is it installed in certificate store of user running RCS Service (if RCS is run as Network Service it will be Computer certificate store)
- Is it Intel AMT Provisionig certificate?It should contain an Intel AMT unique OID (2.16.840.1.113718.104.22.168) in EKU if possible. It must contain the “SSL Server” OID (an IANA pre-defined OID). (this is what GoDaddy inserts into EKU when you select "certificate for Intel vPro"
— OR —
The OU value in the Subject field must be “Intel(R) Client Setup Certificate”. This OU value is case-sensitive and must be entered exactly (without quotation marks). (this is used by other Root CAs)
- If it was issued recenly it is SHA256 certificate for sure. SHA256 certificates are supported by Intel AMT FW 6.0x or newer only.
- Does its trust chain start with Go Daddy Class 2 CA with SHA1 Fingerprint: 27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4?
Newer Go Daddy Root CA-G2 is supported by Intel AMT 11, and updated/recent versions of AMT FW 8,9.x,10. Those updated versions may be not made available by Dell for your HW.
You may need to install GoDaddy G1 to G2 Cross Certificate gdroot-g2_cross.crt to rebuild trust chain to Go Daddy Class 2 CA (and Restart RCS).
Intel EMEA Biz Client Solution Architect