Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Generating a Remote Configuration Cert from MS CA

RBens2
Valued Contributor I
2,658 Views

I'm trying to get my own remote config cert installed on my SCS, but I can't quite seem to get the correct cert out of the MS Certificate Authority. The CA wants to make the Subject name equal to my user name, but I need the SN to equal the machine name. Does anyone have any ideas about how to get this to work correctly?

I'm using the CA as an enterprise CA running on my AD server. I've gotten the cert template to have the correct OID, but I can't get it to make the SN equal to the computer name.

Thanks,

Roger

0 Kudos
3 Replies
Brian_Cockrell
Employee
587 Views

Roger,

I use the following process to create certs on my SCS system:

Log on to the machine that SCS is installed on . Open a web browser on that system and enter the url of the machine issuing certs for your domain followed by certsrv. It will look something like this: http://192.168.1.1/certsrv

Login as the domain admin.

Click on Request a certificate.

Click on "Advanced certificate request".

Click on "Create and submit a request to this CA."

In the certificate template field, select the template that you built.

You will then be able to specify the subject name equal to the machine name.

0 Kudos
Terry_C_Intel
Employee
587 Views

Once the template is in place - when you request the certificate, the "first name" is the FQDN of the target system used for remote configuration.

I'm planning to put together a short video to show how this is done... hopefully have it posted before end of the month...

0 Kudos
RBens2
Valued Contributor I
587 Views

Thank you for the help. From your replies, I was able to figure out my problem. When I built the template for the cert I forgot to select the "Supply subject name in the Request" radio button. When AD fills in the data, it want to use the user name rather than the machine name. When I changed the template to function this whay, then it worked exactly as I needed it to. It would be helpful if this was noted in the section on generating a remote config cert.

Thanks,

Roger

0 Kudos
Reply