Home Neural Network TLS Alert (Certificates Unknown) happens through the Safe Host Primarily based Configuration course of.

TLS Alert (Certificates Unknown) happens through the Safe Host Primarily based Configuration course of.

hhhhm
-
0
TLS Alert (Certificates Unknown) happens through the Safe Host Primarily based Configuration course of.

[ad_1]

Whats up,

 

We’re implementing AMT provisioning on our personal with out a resolution like EMA.

We encountered an issue whereas implementing Safe Host-Primarily based Configuration to assist CSME 19 or greater.

 

1. Registered the AMT CA certificates.

> rpc amtinfo
Model : 15.0.47
Construct Quantity : 2521
SKU : 16392
Options : AMT Professional Company
Management Mode : pre-provisioning state
DNS Suffix : 192.168.1.10

> rpc amtinfo -cert
—Certificates Hashes—

Our AMT CA (Energetic)
SHA256: cabc80186952320c73691e6c4d62379a7d9a52ca246e34881b83ad1a51b9ac12

2. StartConfigurationHBased

StartConfigurationHBased was referred to as as follows.

StartConfigurationHBased(
  ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA256,
  ServerCertHash [SHA_512_KEY_SIZE]byte = SHA 256 HASH of Provisioning Certificates,
  HostVPNEnable = False,
  SuffixListLen = 0,
  NetworkDnsSuffixList [320]byte
)

 

3. The Provisioning server is related to 127.0.0.1:16993.
However TLS Handshake Failure.

 

jic5760_0-1707198035159.png

jic5760_1-1707198162098.png

– Each the provisioning certificates and the CA certificates have been despatched.

– The hashes of the CA certificates and provisioning certificates are the identical as these despatched in steps 1 and a couple of.

 

Provisioning Certificates:

Certificates:
    Information:
        Model: 3 (0x2)
        Serial Quantity:
            01:8d:7c:e8:91:6a:64:14:68:54:96:b8:98:b1
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Our AMT CA, C = KR
        Validity
            Not Earlier than: Feb  6 05:33:52 2024 GMT
            Not After : Feb  3 05:33:52 2034 GMT
        Topic: CN = 192.168.1.10, OU = Intel(R) Consumer Setup Certificates
        Topic Public Key Information:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Primary Constraints: vital
                CA:FALSE
            X509v3 Key Utilization: vital
                Digital Signature, Non Repudiation, Key Encipherment, Key Settlement
            X509v3 Prolonged Key Utilization: vital
                TLS Net Server Authentication, 2.16.840.1.113741.1.2.3
            X509v3 Topic Different Identify: 
                DNS:192.168.1.10
            X509v3 Topic Key Identifier: 
                58:CE:02:47:70:49:8C:C1:7B:DB:9E:FA:DE:C0:3D:8D:76:9A:5C:CA
            X509v3 Authority Key Identifier: 
                B7:FE:10:B2:C9:C8:E8:64:92:6E:17:D5:21:B1:40:72:66:A7:CF:89
            Netscape Cert Sort: 
                SSL Server
    Signature Algorithm: sha256WithRSAEncryption
    Signature Worth: ...

 

 

[ad_2]

© Newspaper WordPress Theme by TagDiv