myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


           



Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro Page: [1]
Login
Message << Older Topic   Newer Topic >>
Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro - 5/14/2008 5:39:23 PM   
swood

 

Posts: 420
Score: 5
Joined: 12/6/2001
Status: offline 		I'm in the process of acquiring an SSL cert, from GoDaddy.com to allow us to provision our new AMT Intel vPro systems from SCCM 2007 SP1. The instructions in the SP1 help file gives step-by-step help to create a CSR for submission to an external CA from a Microsoft CA.

From what I understand, on the Intel side of things, you need to make sure the CSR includes the field

OU = Intel(R) Client Setup Certificate

Nowhere in the SP1 docs does it show how and where to specify this in the CSR creation process. Has anyone done this before? I've read that if you don't specify this string the cert won't work to provision AMT.

_____________________________

Sandy Wood
Network Admin
Orange County District Attorney
Post #: 1
RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT... - 5/15/2008 9:33:22 AM   
smsjourney

 

Posts: 48
Score: 0
Joined: 11/29/2006
Status: offline 		I did try and got confuse and stuck with the Microsoft way of setting up a CA on the Sccm server. Hope that helps

(in reply to swood)
Post #: 2
RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT... - 5/15/2008 10:16:20 AM   
swood

 

Posts: 420
Score: 5
Joined: 12/6/2001
Status: offline 		Did your cert work to provision AMT clients?

_____________________________

Sandy Wood
Network Admin
Orange County District Attorney

(in reply to smsjourney)
Post #: 3
RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT... - 5/15/2008 3:20:08 PM   
jjgleason

 

Posts: 18
Score: 3
Joined: 5/22/2007
Status: offline 		Sandy,

Not sure if you've seen this but check out this link on the Intel site.  It shows step by step how he requested the cert from godaddy:
http://communities.intel.com/openport/blogs/proexpert/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration

That being said, I was on a conference call with Bill York, who made that post.  He said that he tested the process with both verisign and godaddy and in both cases needed to contact them after they issued the certificate to him due to "issues" but that it was working in his lab.

As for smsjourney, I'd also like to know your work around using a MSFT CA certificate.  My undertanding is that the new AMT ME chips have 4 or 5 Certificate Hashes burned in at the factory for a zero touch provision.  If you are not using one of these "approved" certificates you will have to default to using a USB key that has your certificate hash on the USB key.  This will get uploaded to the ME when you boot to the USB key.

Please let us know if you have a different solution.

(in reply to swood)
Post #: 4
RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT... - 5/16/2008 9:57:55 AM   
swood

 

Posts: 420
Score: 5
Joined: 12/6/2001
Status: offline 		Hello Joey,

Yes, I had found that link written by Bill York. I've used it as the basis to work through getting the cert details sorted out. I still have the issue, which Bill did too, of how to make sure I submit the CSR to GoDaddy with the OU string in it. From what I've been able to figure out, using our Microsoft Enterprise CA doesn't add this string to the CSR which GoDaddy needs to make the cert work for provisioning. At the end of Bill's post you'll find his note to this affect.

I'm now working on seeing what I can do with creating a cert from OpenSSL.org. It looks like you can edit the CSR prior to submitting it so this may be my solution instead of our in-house Microsoft CA. I really want to use Remote Configuration as we've got over 800 systems out there waiting to be provisioned.

_____________________________

Sandy Wood
Network Admin
Orange County District Attorney

(in reply to jjgleason)
Post #: 5
RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT... - 6/4/2008 10:12:25 PM   
nosdude

 

Posts: 1
Score: 0
Joined: 6/4/2008
Status: offline 		To request a godaddy certificate with the "OU = Intel(R) Client Setup Certificate" setting.....
1. On the SCS server....Open IIS Manager, Default Web Site, Properties, Directory Security, Server Certificate
2. Generate a CSR and specify the OU as described above.
3. When you receive ther certificate, go back to IIS and install using the Prior Request completion option.

Sunny.

(in reply to swood)
Post #: 6
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.219