I work as IS Manager for a fairly small company that just acquired 20 computers - HP rp5800 models with VPro technology for easy and secure management of the same. Enabling AMT features in the bios was a no-brainer and connecting to the boxes via Commander and VNC was a breeze, too.
The problems started when we decided to use self-signed certificates for both client and server authentication - TLS. We couldn't find ANY recent documentation on how to actually do this on our platform:
Intel Management Engine BIOS Ext v7.0.0.0054
Intel ME v220.127.116.115
MDTK 7.0.11340.2 (Commander, Director, Outpost)
The whole VPro/TLS implementation process is very confusing to us. We are in a workgroup environment, NO domain, NO Active Directory. We've tried everything we could think of, and all the steps worked by themselves, but in the end we could not connect the "dots". I.e., creating the self-signed cert worked, copying the hash into the BIOS worked, but the authentication failed :-(
We have a few basic questions with regards to VPro, and maybe a simple flow chart would help to guide us in the right way. We would like to use static IP addresses in the BIOS and in the operating system, as well. Is it possible to do this, because some documents call for DHCP and option 15 (domain name) populated?
There is zero documentation on self-signed certificates and how to use them for the latest 7.x environment. Do we have to use "paid" certificates from a third-party CA or can we use our "self-signed" ones? If self-signed certs work, how do we create them and install them properly?
If we don't use a DHCP server, does it mean we can't use remote configuration, therefore a USB key is the only option to enter settings into the BIOS?
We have installed a dedicated 2003 server with DHCP with option 15, it works fine, as far as DHCP goes. We also installed the Certificate Authority add-on to it, that seems to work fine too. All the management tools are also installed onto the W2K3 server, including RCFG.
We have all the tools and utilities from Intel, but we couldn't get this bloody thing to work properly. The latest MDTK includes "Director" which is capable of creating self-signed certificates, but we have NO proper documentation on how to properly do it, meaning what goes where, what options to choose, if this vs. if that... The "Commander" tool also has the capability of creating certificates but every time we use it, it gives us an error message... Seems quite buggy...
To make the long story short, we need some kind of guidance with our project:
Static IP configuration
2-way authentication with self-signed certificates (TLS)
7.x AMT platform
Sounds simple, but we've been banging our heads against the wall for almost 2 months. It's time to ask for some help. We e-mailed Ylian last night about our problem, but on second thought it might be better to post a question here as well, so the others can see the potential solution to our problem, too.
Any info, guidance, flow chart or anything related to our problem will be greatly appreciated.
Thanks a million,
Message was edited by: Robert S.