3 Replies Latest reply on Dec 6, 2016 10:10 AM by Intel Corporation

    Intel AMT 5.0 + TLS



      I trying to configure Intel AMT-ME 5.0-5.2 motherboard based on Q45 to use SSL/TLS-HTTPS connection.

      Intel AMT versions - Wikipedia - tells that AMT 5.0 have TLS.

      I make all needed settings at BIOS and ME-BIOS and successfully access to AMT PC via Web-GUI at 16992 port. But I want SSL/TLS connection encryption.

      First I try to use AcuWizard, but it tells that AMT5.0 does not support host-configuration (only AMT7.0 or later), but USB-key configuration does not have certificates and SSL/TLS options.

      Second I try MeshCommander (latest v0.3.8) - but all the way it shows only Error:400.

      Third I use "ToolMesh - Manageability Director/Commander" - it works more stable, so I create and import to AMT module 2 security certificates (root and user) - certificates was added successfully. Also I add those certificates to local Windows certification storage (at PC from where I trying to connect to AMT PC). And also I delete some suspicious 3rd party application from AMT named as "venCA (Unicenter)". But when I trying at "Manageability Director" setup SecurityProfile to AMT-PC with "intel AMT Security" option set to any of 4 types with TLS - error appears: "SetTLSKeyAndCertificate() returned FAILED_WEB_CALL". Also at AMT PC tab "Security" option TLS shows as "Unsupported" and drop-down menu is absent.

      I try Intel SCS console configuration to make "Delta configuration USB key" but it needs some "CA RCS server reach Microsoft CA" (something like this) and can not just use certificates stored at the near folder at the same PC... OMG! Also IntelSCS tells something about alternative "CA local plugin" but google tells me that this plugin does not exist yet.

      Making AMT<7.0 works through TLS is some kind of maltreatment!!!

      Can anyone help with SSL/TLS-HTTPS connection enabling at AMT5.0???