TLS Certificate
What is TLS?¶
Transport Layer Security (TLS) is a protocol used to establish encrypted communication sessions over an IP network between an application and server. As the most widely-used encryption protocol, it secures email, instant messaging, voice over IP (VoIP), HTTPS, and more. Encrypted TLS sessions promote data security and prevent tampering, eavesdropping, and other malicious activity.
The protocol involves:
- Public-key Cryptography: public-private key pairs generated by cryptographic algorithms
- Digital Certificates: an electronic document used to establish identity of the holder with the use of the public key
What is a TLS digital certificate?¶
Electronic documents, called certificates, are issued by and purchased from Certificate Authorities (CA), organizations that comply with TLS industry regulations, requirements, and standards.
When a client running a web application, such as a browser, connects to a server, the server sends a TLS certificate that can be used to verify the authenticity of a server. The web application uses certificates present on the client to establish a secure connection.
There are two ways to use TLS in the toolkit:
- Purchase a certificate from a CA and inject it via a proxy application
- Generate a self-signed certificate with mesh commander
There are three types of TLS certificates available for purchase from CAs:
| Certificate Type | CA issues to | Authentication Level | Appropriate for |
|---|---|---|---|
| Domain Validated | an applicant listed in domain name's admin contact list | Low | Individuals and very small businesses |
| Organization Validated | an organization that submits required documentation | Medium | Businesses that collect sensitive data, confidential information, social media information, etc. |
| Extended Validation | an organization that submits required documentation and passes an EV validation guideline | High | Businesses that deal with payments, sensitive data, confidential information, etc. |
All certificate types use 256-bit encryption.
What is a self-signed certificate?¶
In addition to purchasing a certificate from a CA, it is possible to generate free self-signed certificates. Self-signed certificates offer trust value within an organization and are appropriate for development, but they are not appropriate for securing content that is presented to outside world.
How does TLS work in the Toolkit?¶
Intel® AMT is preloaded with TLS-based certificate thumbprints, a string of hexadecimal characters that identifies a certificate, of participating vendors. When you purchase and install a certificate from a participating vendor, you'll be able to use the toolkit to perform remote configuration.
To get a list of participating vendors, see Intel Developer Zone.
MPS and RPS contain TLS-based self-signed certificates that are involved in the device activation. See Remote Provisioning.
Learn More¶
| Link | Description |
|---|---|
| An Introduction To Intel AMT Remote Configuration Selection | Outlines the provisioning process. |
| Certificate Setup and Configuration Video | Describes the certificate purchase process. |