Feature Request: Adapt MPS to support multiple FQDN ingress points and use different CIRA certificates per FQDN #1393
Description
Describe the feature request
Currently the certificates used for the CIRA configurations are pre-generated and rely on the use of the same certs for the Root and Issuer certificates. Can you add the ability to use multiple issuer certificates for multi-tenancy purposes?
This would support tenant separation at the AMT device level because they would require the correct certificate with the correct FQDN inserted as the CN.
As of now this is not possible and had a brief conversation with Matt Primrose here OACT Discord.
To Reproduce
I attempted to investigate if this would work.
Steps to reproduce the behavior:
- Create two CIRA configurations with different CNs in each
- Create two profiles, one for each of the CIRA configs created.
- Activate each workstation device.
- Verified if an ongoing connection existed for each device through MPS.
Expected behavior
Using different CNs in the CIRA configurations created, an ongoing connection between the workstation device and MPS service.
Screenshots 🖼️
OACT Code location for generating certificates used:
Setting Different CN Attempt:
AMT Device (please complete the following information): 🖥️
- OS: Windows 10
- AMT Version: 11.12.94
- AMT Configuration Mode: Client Control Mode
- Network Configuration : Static IP
Service Deployment (please complete the following information): ⛈️
- Deployment Type: Docker
- Node Version: Rocky 9.3
- Component & Version: MPS 2.13.10 and RPS 2.22.1