How does the VeriSign Root Certificate Change Affect Intel vPro
This blog entry is primarily for those who are looking to acquiring a VeriSign certificate for vPro remote configuration. If you've already acquired and are using the certificate, VeriSign will likely be calling you with an update.
On May 17th, VeriSign transitioned to a new root certificate for G1 standard certificates - read statement from VeriSign: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD146&actp=LIST
Without going into great detail - how does this affect vPro remote configuration with a VeriSign certificate?
The good news is that VeriSign certificates are available for vPro remote configuration. Take a look at the landing page - http://www.verisign.com/ssl/intel-vpro-technology/index.html
A few items to note about the May 17th event:
- The VeriSign G1 standard certificate has transitioned to their G2 certificate. The G2 root certificate hash is not currently inside the vPro\AMT platform.
- The VeriSign certificate available for purchase at the landing site are Secure Site Pro certificates... also referred to as G1 Premium. You will notice a price increase. The G1 Premium certificate root hash is the same as the former G1 standard. The difference is the signing\coding required for Premium level.
- If you purchased and are using a VeriSign G1 standard certificate for remote configuration prior to May 17, 2009 - VeriSign will be contacting you before the renewal timeframe (i.e. 1, 2, or 3 years based on what you originally purchased) to discuss options. PLEASE NOTE: The G1 standard certificate is still valid and will work until issued expiration. You simply cannot renew to the same G1 standard certificate... since it's no longer being issued.
If you have questions - please blog back.