TLS Alert (Certificate Unknown) occurs during the Secure Host Based Configuration process


I'm moving the question at the request of the moderator.

See https://neighborhood.intel.com/t5/Intel-vPro-Platform/TLS-Alert-Certificates-Unknown-occurs-during-the-Safe-Host/td-p/1569623.

 

 

Good day,

 

We're implementing AMT provisioning on our own, without a solution like EMA.

We encountered a problem while implementing Secure Host-Based Configuration to support CSME 19 or higher.

 

1. Registered the AMT CA certificate.

> rpc amtinfo
Version : 15.0.47
Build Number : 2521
SKU : 16392
Features : AMT Pro Corporate
Control Mode : pre-provisioning state
DNS Suffix : 192.168.1.10

> rpc amtinfo -cert
---Certificate Hashes---

Our AMT CA (Active)
SHA256: cabc80186952320c73691e6c4d62379a7d9a52ca246e34881b83ad1a51b9ac12

2. StartConfigurationHBased

StartConfigurationHBased was called as follows.

StartConfigurationHBased(
  ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA256,
  ServerCertHash [SHA_512_KEY_SIZE]byte = SHA 256 HASH of Provisioning Certificate,
  HostVPNEnable = False,
  SuffixListLen = 0,
  NetworkDnsSuffixList [320]byte
)

 

3. The provisioning server is connected to 127.0.0.1:16993.
However, the TLS handshake fails.

 


 

– Both the provisioning certificate and the CA certificate were sent.

– The hashes of the CA certificate and provisioning certificate are the same as those sent in steps 1 and 2.

Provisioning Certificate:

 

 

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7c:e8:91:6a:64:14:68:54:96:b8:98:b1
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Our AMT CA, C = KR
        Validity
            Not Before: Feb  6 05:33:52 2024 GMT
            Not After : Feb  3 05:33:52 2034 GMT
        Subject: CN = 192.168.1.10, OU = Intel(R) Client Setup Certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, 2.16.840.1.113741.1.2.3
            X509v3 Subject Alternative Name: 
                DNS:192.168.1.10
            X509v3 Subject Key Identifier: 
                58:CE:02:47:70:49:8C:C1:7B:DB:9E:FA:DE:C0:3D:8D:76:9A:5C:CA
            X509v3 Authority Key Identifier: 
                B7:FE:10:B2:C9:C8:E8:64:92:6E:17:D5:21:B1:40:72:66:A7:CF:89
            Netscape Cert Type: 
                SSL Server
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value: ... 

 

 

 

Here is a sample project that can be run standalone on a vPro PC: https://github.com/jclab-joseph/intel-vpro-hbased-problem-01

You can test it after registering the certificate with setup.bin.

 

 

 

>amt-test.exe
2024/02/07 10:24:32 AMT Version:  15.0.47
2024/02/07 10:24:32 DNS SUFFIX:  amt-provisioning.check.com
2024/02/07 10:24:32 StartConfigurationHBased: AMT Cert Hash:  6d802ab34996d397a9b4ebf901edf0c38a9fa7b997917732aaf8de82bc0ad1bb0000000000000000000000000000000000000000000000000000000000000000
2024/02/07 10:24:33 tcp connected. begin mtls...
2024/02/07 10:24:34 RECEIVED AMT HASH :  6d802ab34996d397a9b4ebf901edf0c38a9fa7b997917732aaf8de82bc0ad1bb
2024/02/07 10:24:34 RECEIVED AMT HASH **MATCHED** :)
2024/02/07 10:24:34 tls handshake failed:  remote error: tls: unknown certificate
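
The log in the post appears to show the client comparing the SHA-256 of the certificate AMT presents with the first 32 bytes of a 64-byte hash field before the handshake is rejected by the remote side. The following is an added example, not code from the post or its linked project, of doing that comparison inside Go's TLS client. HashField, MatchField and PinnedConfig are hypothetical names, and the zero-padded layout is assumed from the log line.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// HashField returns SHA-256(der) plus 32 zero bytes (layout assumed from the page's log).
func HashField(der []byte) (f [64]byte) {
	sum := sha256.Sum256(der)
	copy(f[:], sum[:])
	return f
}

// MatchField checks der against the field and rejects non-zero padding.
func MatchField(der []byte, field [64]byte) error {
	var zero [32]byte
	if subtle.ConstantTimeCompare(field[32:], zero[:]) != 1 {
		return errors.New("hash field: padding after the digest is not zero")
	}
	sum := sha256.Sum256(der)
	if subtle.ConstantTimeCompare(sum[:], field[:32]) != 1 {
		return fmt.Errorf("peer certificate hash %x does not match", sum)
	}
	return nil
}

// PinnedConfig builds a client config whose only server check is the pin;
// chain building is skipped (a self-signed device certificate is assumed).
func PinnedConfig(field [64]byte, client ...tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:       client,
		InsecureSkipVerify: true, // chain check replaced by the pin below
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 {
				return errors.New("peer sent no certificate")
			}
			return MatchField(raw[0], field)
		},
	}
}

func main() {
	der := []byte("constructed stand-in for DER bytes")
	fmt.Println(PinnedConfig(HashField(der)).VerifyPeerCertificate([][]byte{der}, nil))
}
```

A pin of this kind only covers the client's check of the certificate AMT presents; the "unknown certificate" alert in the log comes from the remote side and is outside what this code checks.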

 

 

 
