Defining Advanced Mutual Authentication Settings
The Advanced Mutual Authentication Settings window lets you define a Certificate Revocation List (CRL). The CRL is a list of entries, usually supplied by a CA, that indicate which certificates have been revoked (see CRL XML Format for the required format).
You can also define the Fully Qualified Domain Name (FQDN) suffixes that will be used by mutual authentication. The Intel AMT device will validate that any client certificates used by management consoles have one of the listed suffixes in the certificate subject. If no FQDN suffixes are defined, the Intel AMT device will not validate client certificate subject names.
To define advanced mutual TLS settings:
- From the TLS window, click Advanced. The Advanced Mutual Authentication Settings window opens.
- (Optional) Define the CRL you want to use in this profile:
  - Select Use CRL.
  - Click Load File. The Open window opens.
  - Browse to the location of the CRL XML file, select it and click Open. The information in the file is imported into the configuration profile, and the name of the file is added to the list.
- (Optional) Define the trusted domains to use in mutual authentication. To add a domain to the list, click New and specify the domain in the Domain Properties window. The Intel AMT system will validate that any client certificates used by the management consoles have one of the listed suffixes in the certificate subject. If no FQDN suffixes are defined, the Intel AMT system will not validate client certificate subject names.
- Click OK. The Advanced Mutual Authentication Settings window closes.
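The checks these settings enable can be modelled offline to see which management-console certificates a profile would accept before it is deployed. This is an added example, not Intel code and not part of the original page. The whole-label matching rule, the reduction of the CRL to a set of serial numbers, the order of the checks, and all sample names and values are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConsoleCert:
    subject_cn: str  # FQDN carried in the certificate subject
    serial: str      # certificate serial number (hex string)

def suffix_matches(fqdn: str, suffix: str) -> bool:
    # Assumed rule: match whole DNS labels only, case-insensitively, so
    # "example.com" covers "a.example.com" but not "notexample.com".
    fqdn = fqdn.lower().rstrip(".")
    suffix = suffix.lower().strip(".")
    return bool(suffix) and (fqdn == suffix or fqdn.endswith("." + suffix))

def evaluate(cert, trusted_suffixes, revoked_serials):
    """Return (accepted, reason) for one management-console certificate."""
    # CRL modelled as a set of revoked serial numbers (assumption).
    if cert.serial.lower() in {s.lower() for s in revoked_serials}:
        return False, "revoked"
    if not trusted_suffixes:
        # As the page states: no suffixes defined means the subject
        # name is not validated at all.
        return True, "subject-not-validated"
    if any(suffix_matches(cert.subject_cn, s) for s in trusted_suffixes):
        return True, "suffix-ok"
    return False, "suffix-mismatch"

def audit(certs, trusted_suffixes, revoked_serials):
    """Map each certificate subject to its (accepted, reason) result."""
    return {c.subject_cn: evaluate(c, trusted_suffixes, revoked_serials)
            for c in certs}

# Constructed sample inventory and profile values (not from a real deployment).
SAMPLE_CERTS = [
    ConsoleCert("console1.mgmt.example.com", "0a1b"),
    ConsoleCert("console2.notexample.com", "0a1c"),
    ConsoleCert("console3.mgmt.example.com", "0A1D"),
]
SAMPLE_SUFFIXES = ["mgmt.example.com"]
SAMPLE_REVOKED = {"0a1d"}

if __name__ == "__main__":
    for subject, (ok, reason) in audit(SAMPLE_CERTS, SAMPLE_SUFFIXES, SAMPLE_REVOKED).items():
        print(f"{subject:32} {'ACCEPT' if ok else 'REJECT'} {reason}")
    # Same inventory against a profile with no suffixes defined.
    print(audit(SAMPLE_CERTS, [], SAMPLE_REVOKED))
```

A "subject-not-validated" result means the certificate is accepted without any check on its subject name, so a profile that relies on mutual authentication should normally list at least one suffix.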