If you use Intel SCS with an Enterprise CA to configure Intel AMT features to use certificate-based authentication, you must define certificate templates.
![]() |
---|
This procedure shows how to create a template containing the correct settings for Intel AMT. For settings specific to your organization (such as certificate expiration), specify the values you require. You must also make sure that the CA and the template are not defined to put certificate requests into the pending status. For more information, see Request Handling. |
To create a certificate template:
![]() |
---|
Intel SCS supports only version 2 certificate templates. Version 3 certificate templates are not supported and cannot be selected in the configuration profile (they will not be shown in the list). |
![]() |
---|
In the Minimum key size field, do not define a value higher than 2048. The maximum key size supported by Intel SCS is 2048. |
![]() |
---|
If you define Mutual TLS in the configuration profile, each application that needs to communicate with the Intel AMT device will need a certificate. In addition to the Server Authentication OID (added in step 15 d), the certificate must contain these OIDs:
You can add these OIDs to this template (by clicking New in the Add Application Policy window). You must then install a certificate, based on this template, in the certificate store of the user running the application. |