Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

meshcmd amtacm returns "AddNextCertInChain error, status=400" #934

Open thfs1002 opened 4 years ago

thfs1002 commented 4 years ago

Hello everyone! When I tried to activate my amt device as acm, meshcmd returned "AddNextCertInChain error, status=400".

I'm using a private provisioning certificate, not a vendor certificate. (FYI, "acuconfig.exe /output console ConfigViaRCSOnly scs01.mydomain.site EPGrp-001" is OK.)

Any idea will help.

Thanks in advance!!

Ylianst commented 4 years ago

Is your private provisioning certificate trusted by Intel AMT? If you type meshcmd amthashes, is your private certificate signed by one of the roots indicated in that list?

thfs1002 commented 4 years ago

Thank you for your reply.

> Is your private provisioning certificate trusted by Intel AMT?

Yes, meshcmd amthashes returns like this: My Private Root CA (, Active) SHA256: F808BB74AF3CAA9942FB4A6121D31027B7D696EB6C0D5D21462756891E8A230F

> is your private certificate signed by one of the roots indicated in that list?

Yes, of course.

FYI, the dedicated provisioning certificate's CN is mydomain.site, OU is "Intel(R) Client Setup Certificate", Key usage is Digital Signature, and Enhanced Key Usage is Server Authentication (1.3.6.1.5.5.7.3.1) and AMT Provisioning (2.16.840.1.113741.1.2.3). I used the setup.bin editor from meshcommander to register the sha256 hash.

Is there anything wrong?
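The root-hash check discussed in the comments above can be scripted. This is an added example, not part of the thread and not MeshCentral code: it compares a root CA file's fingerprint with the entries printed by meshcmd amthashes and reports whether the matching entry is active. The function names are hypothetical, the listing layout is assumed from the single line quoted in the thread, and the listed value is assumed to be the digest of the root certificate's DER encoding.

```python
import hashlib
import re
import ssl

# One trusted-hash entry: name, "(flags)", then "ALG: HEX". Layout assumed from
# the line quoted in the thread; \s* also tolerates a line break before the hash.
ENTRY = re.compile(
    r"(?P<name>[^\n()]+?),?\s*\((?P<flags>[^)]*)\)\s*"
    r"(?P<alg>SHA-?\d+):\s*(?P<hash>[0-9A-Fa-f]+)")

def parse_amthashes(text):
    """Return (name, active, algorithm, hex digest) for each listed entry."""
    entries = []
    for m in ENTRY.finditer(text):
        flags = [f.strip().lower() for f in m["flags"].split(",")]
        entries.append((m["name"].strip(), "active" in flags,
                        m["alg"].replace("-", "").lower(), m["hash"].lower()))
    return entries

def to_der(cert):
    """Accept a PEM or DER certificate as bytes and return the DER bytes."""
    if cert.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    return cert

def match_root(root_cert, amthashes_text):
    """Return ("trusted", name), ("inactive", name) or ("missing", None)."""
    der = to_der(root_cert)
    inactive = None
    for name, active, alg, digest in parse_amthashes(amthashes_text):
        if alg not in ("sha1", "sha256", "sha384"):
            continue  # skip algorithms this sketch does not compute
        if hashlib.new(alg, der).hexdigest() == digest:
            if active:
                return ("trusted", name)
            inactive = name  # hash is present but the entry is not active
    return ("inactive", inactive) if inactive else ("missing", None)

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate; in practice read the
    # root CA file that signed the provisioning certificate.
    fake_root = b"constructed stand-in for a DER-encoded root certificate"
    listing = ("Example Root CA (, Active) SHA256: "
               + hashlib.sha256(fake_root).hexdigest().upper())
    print(match_root(fake_root, listing))
```

A "trusted" result only confirms the root hash; it does not validate the chain, CN, OU or EKU of the provisioning certificate itself.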