Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 3

May 6, 2010 at 3:15 pm in AMT, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, OOB, out of band management, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

In my previous post I have talked about  the 3rd Party Remote Configuration Certificate that is needed on each OOB Service Point to Provision Intel vPro technology based systems in SCCM at http://scug.be/blogs/sccm/archive/2009/11/30/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-2.aspx

Now we will talk about importing the 3rd Party Remote Configuration Certificate on the OOB Service Point (In this example we will use a certificate from GoDaddy ).

In part 3 we will explain how to import the Vpro certificate and to export the certificate again for the use of the OOB role in System Center Configuration manager.

1. When you receive your certificate from your vendor ( in this case Godaddy ) , you will probably get 2 certificates :

  • Your AMT server point certificate ( containing the FQDN of your server )
  • Some intermediate chained certificate from Godaddy. (You should look at this as the PKI chain certificates so that the chain could be verified)

image

You could check your certificate that it is a good certificate for AMT provisioning by just looking at the properties ( Select cert  – Right Click – Select open)

image

Make sure that the certificate has been intended for the following purposes :

  1. Ensures identtity of a remote computer
  2. Proves your identety to a remote computer
  3. 2.16.840.1.114413.1.7.23.2

and that it has been issued for the server that will serve as the AMT provisioning point.

2. You will need to import both certificates by right clicking the certificate and select “Install Certificate” on your AMT “out of band service point” as shown below.

image

3. Preparing the AMT Provisioning Certificate for the Out of Band Management role on the SCCM server.

1. When done correctly they should be seen in your certificate store at Certificates (Local Computer) running on the member server, right-click the provisioning certificate, click All Tasks, and then click Export.

2. In the Certificate Export Wizard, click Next.

3. On the Export Private Key page, select Yes, export the private key, and then click Next.

4. On the Export File Format page, ensure that Personal Information Exchange – PKCS #12 (.PFX) is selected, and then select Include all certificates in the certificate path if possible.

5. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

6. Click Next, and on the File to Export page, specify the path and name of the file that you want to export, and then click Next.

7. Click Finish in the Completing the Certificate Export Wizard page, and then click OK in the Certificate Export Wizard dialog box.

8. Store the file securely, and ensure that you can access it from the Configuration Manager console.

4. The AMT provisioning certificate is now ready to be configured for the out of band management component.In part 4 we will explain how to set-up the other certificates needed and the internal  PKI infrastucture that is needed for the OOB role in System Center Configuration manager.

 

Hope it Helps ,

Kenny Buntinx

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest