Open xcabur1 opened 4 years ago
Understood, this is a valid request. I do want to note that if you use a specific root cert to sign all your Intel AMT TLS certificates and the root is only used for Intel AMT signing, it's best to not load that root in the Windows trusted cert store. It should only be loaded in the management console. I sort of wish there was a "Intel AMT only" usage flag so a Intel AMT root cert can't be trusted for anything else.
I am pretty flooded right now, but this is a good request.
Just for clarification, my request refers to root certificates for TLS connection encryption not to certificate-based authentication.
Yes, understood.
I know I can add the Root CA Certificate in the MeshCommander certificate manager and configure it as a trusted certificate to prevent the certificate warning during the connection. But it would be greate if MeshCommander trusts the Windows certificate store. In enterprise environments the trusted root CA certificate is allready deployed by active directory to the Windows computer certificate store. As a result, the CA certificate does not have to be added to every users MeshCommander.