Article ID: 000058608 Content Type: Install & Setup Last Reviewed: 07/19/2022

How to Provision Intel® Active Management Technology Computers Own Certificate, Using Intel® Setup and Configuration Software or Intel® Endpoint Management Assistant in Admin Control Mode

Environment

Windows® 10*, Windows® 10, 32-bit*, Windows® 10, 64-bit*

BUILT IN - ARTICLE INTRO SECOND COMPONENT
Summary

How to create a standalone Certificate Authority

Description
  • Trying to provision computers in a corporate environment.
  • Most of them have non configured in Intel® Active Management Technology (Intel® AMT)
  • Installed Intel® Endpoint Management Assistant (Intel® EMA) and Intel® Setup and Configuration Software (Intel® SCS) and want to use the company own root CA (standalone).

How to configure everything to remotely provision all computers?

Resolution

Please try the following Standalone CA setup directions below.

  1. Go to the Server Manager
  2. Add roles and features
  3. Click Next
  4. Select Role-based or feature-based installation
  5. Click Next > Next
  6. Select ADCS
  7. Click Next > Next > Next > and Install
  8. Select Finish when the install has completed
  9. Click the Yellow Bang on the top banner of the Server Manager
  10. Select Configure Active Directory Certificate Services on the destination server
  11. Modify the credentials if needed and click Next
  12. Select Certification Authority and click Next
  13. Select the Standalone CA radio button and click Next
  14. Select the Root CA radio button
  15. Select Create a new private key
  16. Select the cryptographic provider (Default is: RSA#Microsoft Software Key Storage Provider) Key length should be 2048
  17. Select SHA256 as the hash algorithm
  18. Click Next
  19. Modify Common name if desired and click Next
  20. Modify validity period to desired length and click Next
  21. Click Next > Configure > Close
  22. Back on the Server Manager page: Click Tools > Certificate Authority
  23. Verify the CA is running

 

Intel® Setup and Configuration Software (Intel® SCS) Profile - TLS Section (add the TLS definition)

  1. In the Certificate Authority drop down list manually enter the domain\name of the Standalone CA FQDNofCA\NameofCA
    Note

    The name of the CA is shown on the Certificate Authority snap-in from step 21 of the Standalone CA Setup

  2. Select the Stand-alone CA radio button
  3. Finish the rest of the profile

Related Products

This article applies to 1 products