Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro

Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (Full Version)

All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager

Message

swood -> Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (5/14/2008 5:39:23 PM)
I'm in the process of acquiring an SSL cert, from GoDaddy.com to allow us to provision our new AMT Intel vPro systems from SCCM 2007 SP1. The instructions in the SP1 help file gives step-by-step help to create a CSR for submission to an external CA from a Microsoft CA. From what I understand, on the Intel side of things, you need to make sure the CSR includes the field OU = Intel(R) Client Setup Certificate Nowhere in the SP1 docs does it show how and where to specify this in the CSR creation process. Has anyone done this before? I've read that if you don't specify this string the cert won't work to provision AMT.

smsjourney -> RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (5/15/2008 9:33:22 AM)
I did try and got confuse and stuck with the Microsoft way of setting up a CA on the Sccm server. Hope that helps

swood -> RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (5/15/2008 10:16:20 AM)
Did your cert work to provision AMT clients?

jjgleason -> RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (5/15/2008 3:20:08 PM)
Sandy, Not sure if you've seen this but check out this link on the Intel site. It shows step by step how he requested the cert from godaddy: http://communities.intel.com/openport/blogs/proexpert/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration That being said, I was on a conference call with Bill York, who made that post. He said that he tested the process with both verisign and godaddy and in both cases needed to contact them after they issued the certificate to him due to "issues" but that it was working in his lab. As for smsjourney, I'd also like to know your work around using a MSFT CA certificate. My undertanding is that the new AMT ME chips have 4 or 5 Certificate Hashes burned in at the factory for a zero touch provision. If you are not using one of these "approved" certificates you will have to default to using a USB key that has your certificate hash on the USB key. This will get uploaded to the ME when you boot to the USB key. Please let us know if you have a different solution.

swood -> RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (5/16/2008 9:57:55 AM)
Hello Joey, Yes, I had found that link written by Bill York. I've used it as the basis to work through getting the cert details sorted out. I still have the issue, which Bill did too, of how to make sure I submit the CSR to GoDaddy with the OU string in it. From what I've been able to figure out, using our Microsoft Enterprise CA doesn't add this string to the CSR which GoDaddy needs to make the cert work for provisioning. At the end of Bill's post you'll find his note to this affect. I'm now working on seeing what I can do with creating a cert from OpenSSL.org. It looks like you can edit the CSR prior to submitting it so this may be my solution instead of our in-house Microsoft CA. I really want to use Remote Configuration as we've got over 800 systems out there waiting to be provisioned.

nosdude -> RE: Using a GoDaddy Cert with SCCM 2007 SP1 / Intel AMT vPro (6/4/2008 10:12:25 PM)
To request a godaddy certificate with the "OU = Intel(R) Client Setup Certificate" setting..... 1. On the SCS server....Open IIS Manager, Default Web Site, Properties, Directory Security, Server Certificate 2. Generate a CSR and specify the OU as described above. 3. When you receive ther certificate, go back to IIS and install using the Prior Request completion option. Sunny.

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.1875