1 Reply Latest reply on Jun 9, 2011 10:50 AM by

    Godaddy certificate with configuration server

    plmanikandan

      Hi All,

       

      I'm trying remote configuration using Windows\Intel_Manageability_Configuration\Bin\ConfigurationServer.exe
      available in AMT SDK. Bought the provisioning certificate from godaddy and exported to pfx

      Created the full chain certificate file (private key, public key, root CA public key, intermediate CA public key) using the following command:
      openssl pkcs12 -in FullChain.pfx -out FullChain.pem -nodes

      Root CA file (root CA public key, intermediate CA public key) using the following command:
      openssl pkcs12 -in FullChain.pfx -cacerts -out rootCert.pem

      I used default.conf.xml and changed the necessary settings.
      When the configuration server receives the hello packet, provisioning fails with the following message:
      =======================================================
      [2011-06-08 12:50:23] Incoming Connection from x.x.x.x:16994
      Incoming data is:
              Configuration version: PKI Configuration
              Count  : 0
              UUID   : E06C0792-7535-11E0-AADD-04175D769909
      reading configuration from default.conf.xml

      >> Starting configuration call sequence <<

      Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
      Failed while calling Soap call GetCoreVersion. AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
      - failed to establish connection with AMT
      - attempt to connect using default credentials...
      Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
      Failed while calling Soap call GetCoreVersion. AMT Connection Error 4023: An SSL error occurred. Verify the username and password, as well as the PSK or certifcate settings, where applicable
      - failed to establish connection with AMT
        Aborting configuration
      Warning: SetProvisioningParameters() failed
      ==============================================
      The reason for the failure may be the order of certificates in fullchain.pem: if I change the order of certificates to (private key, public key, intermediate CA public key, root CA public key),
      with the root CA public key as the last certificate, then I am able to configure AMT properly.
      Is the above error related to the order of certificates in FullChain.pem? If so, how can we create a FullChain.pem having the root CA as the last certificate?

       

       

      Thanks,
      Mani

        • 1. Re: Godaddy certificate with configuration server

          Mani,

          You found the solution to the problem exactly. The TLS stack expects the order of certificates in the PEM to be leaf-intermediate CA-...-Root CA, but OpenSSL does not create a PEM in this order when there are intermediate CA certificates.

           

          The SCS looks for certificates in the certificate store and does not have this problem.

          regards,

          Dick
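
One way to get the leaf, intermediate CA, root CA order described in the reply, as an added example that is not part of the original thread and is not Intel or OpenSSL code: a standard-library Python script that reorders the PEM written by `openssl pkcs12`. It chains certificates by comparing raw issuer and subject names only and does not verify signatures; the script name and function names are assumptions of this example.

```python
import base64, re, sys

PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return the raw DER (issuer, subject) Names of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # skip the optional [0] version field
        pos = end
    fields = []
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        start = pos
        pos = _tlv(der, pos)[2]
        fields.append(der[start:pos])
    return fields[2], fields[4]

def reorder(pem_text):
    """Return PEM text ordered: private key(s), leaf, intermediate(s), root."""
    keys, certs = [], []
    for m in PEM.finditer(pem_text):       # "Bag Attributes" text is skipped
        if m.group(1) == "CERTIFICATE":
            issuer, subject = names(base64.b64decode(m.group(2)))
            certs.append((m.group(0), issuer, subject))
        elif "PRIVATE KEY" in m.group(1):
            keys.append(m.group(0))        # kept verbatim, never decoded
    signers = {iss for _, iss, sub in certs if iss != sub}
    leaves = [c for c in certs if c[2] not in signers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one leaf, found %d" % len(leaves))
    by_subject = {c[2]: c for c in certs}
    chain = leaves                         # name chaining only, no signature check
    while chain[-1][1] in by_subject and by_subject[chain[-1][1]] not in chain:
        chain.append(by_subject[chain[-1][1]])
    if len(chain) != len(certs):
        raise ValueError("certificates do not form a single chain")
    return "\n".join(keys + [c[0] for c in chain]) + "\n"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: reorder_chain.py FullChain.pem > Ordered.pem")
    with open(sys.argv[1]) as f:
        sys.stdout.write(reorder(f.read()))
```

The output contains the unencrypted private key when the input was exported with `-nodes`, so write it to a file with restricted permissions.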