1 Reply Latest reply on May 27, 2010 10:50 AM by chykun

    Thawte AMT Provisioning Certificate

      I am working on a customer site to implemt vPro with SCCM. This customer purchases their certificates from Thawte and would like to purchase their AMT Provisining Certificate through Thawte as well. Thawte does have the capability to purchase an AMT certificate but in all of the documentation I read, in reference to obtaining and AMT certifcate, Thawte is never referenced. I have detailed information on the 3rd party CA certificate thumbprints that are loaded in the AMT firmware and supported (GoDaddy, Comodo, Starfield, Verisign) but can't find any information on Thawte certificates. Is the thumbprint for the Thawte AMT Provisioning Certificate going to be loaded in the firmware? If it isn't loaded into the firnware and I bought this certificate what would I have to do to get it to comply? Would I have to touch each machine manually?

        • 1. Re: Thawte AMT Provisioning Certificate

          from the documentation that i've read on the Provisioning cert, with your situation, you have 2 choices:


          1. touch every machine.  Thawte is not a factory default third party CA.  you would have to log into the MEBx of each machine and manually enter the root hash for the cert you bought.

          2. have the pc manufacturer put the root hash in the MEBx for you.  so when you get the PC, you dont have to enter it your self.  but i'm sure they'll charge you for that.


          If you log into the MEBx of an unprovisioned PC you are working with you will be able to see what thrid party root hashes are already there.  if you go the route of having the PC manufacturer put another root hash in the MEBx for you, you might as well get your own enterprise root CA going.