You are here: Preparing the Certification Authority > Using Predefined Files Instead of a CA Request

Using Predefined Files Instead of a CA Request

Usually, during configuration of Intel AMT features defined to use certificate-based authentication, Intel SCS requests the certificate from a CA. To do this, Intel SCS must have access to the CA during configuration. However, in some network environments the CA cannot be accessed from all computers.

The host-based configuration method supplies a solution to this problem. When defining certificate-based authentication, you can now use predefined certificates and private key files (used for the encryption).

To do this, select the Use certificate from a file, option:

Note:
For each file you can click Browse to locate and select it, or enter the path to it from the Intel AMT system. However, make sure that you put both files in a location that can be accessed from the Intel AMT system. Two such files are required per Intel AMT system.

Required Format for Certificate and Key Files

The files that you supply must be in the Base64 format, known as the PEM format. The information in each file must be enclosed between a correct “BEGIN” header line (starting with five dashes) and an “END” footer line.

For certificate files:

-----BEGIN CERTIFICATE-----

... (CA certificate in bases encoding) ...

-----END CERTIFICATE-----

For key files you must use only the “PKCS#1 RSAPrivateKey” format:

-----BEGIN RSA PRIVATE KEY-----

...(Key in RSA PKCS#1 format)...

-----END RSA PRIVATE KEY-----

Note:
If necessary for your network environment, you can encrypt the private key file (see File Encryption).