If you are using mutual authentication, you can also configure the Intel AMT device with data from a Certificate Revocation List (CRL). Intel SCS does not use the original CRL file supplied by the Certification Authority. The information from the CRL file must be placed in the <CRLs> tag of the configuration profile.
You can use the Configuration Profile Wizard to import the CRL into the configuration profile (see Defining Advanced Mutual Authentication Settings).
![]() |
---|
The profile can contain a maximum of four CRLs. The combined CRLs can contain a maximum total of 64 serial numbers. |
This is an example of the XML format required by the Configuration Profile Wizard:
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file maps the untrusted certificates serial number to the URI of the issuer.
The URI value represents a valid CRL distribution point of a Certificate Authority.
-->
<crl>
<uri name="http://certification.authority.example.1.CRL">
<cert serialnumber="15 27 82 20 00 00 00 00 00 01"/>
<cert serialnumber="15-27-82-20-00-00-00-00-00-02"/>
<cert serialnumber="15278220000000000003"/>
</uri>
<uri name="http://certification.authority.example.2.CRL">
<cert serialnumber="15 27 82 20 00 00 00 00 00 04"/>
<cert serialnumber="15 27 82 20 00 00 00 00 00 05"/>
</uri>
</crl>
For the serial number attribute: