AMD Device Management Portal (ADMP)

Version 3.0

Before installing the ADMP binary or application, follow the below steps to prepare your environment.

📘 Index

1Configure HTTPS (SSL Certificates)

SSL certificates secure data between clients and the ADMP server using encryption and authentication.

Store all SSL certificates and keys in the folder path:
C:\Program Data\AMD\SSLCerts

1.1 Create Server Configuration File

Create server_san.cnf inside the SSL folder with the following content:

subjectAltName = @alt_names
[alt_names]
DNS.1 = {server name}
IP.1 = {server ip}

1.2 Generate CA Key and Certificate


openssl genrsa -out CA.key 4096
openssl req -x509 -new -nodes -key CA.key -sha256 -days 3650 -out CA.crt -subj "/CN=ADMPRootCA"
openssl genrsa -out admpkey.key 2048
openssl req -new -key admpkey.key -out admpcert.csr -subj "/CN=your_server_name"
openssl x509 -req -in admpcert.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out admpcert.crt -days 365 -sha256 -extfile server_san.cnf

2Database Setup

We support three databases: SQLite, PostgreSQL, and SQL Server. Please refer to the instructions below for setting up your preferred database.

2.1 SQLite Setup

No setup required. SQLite is included within the ADMP binary and does not need external configuration.

You can continue directly to installation.

2.2 SQL Server Setup

2.2.1 Install SQL Server

Download and install SQL Server (Express or Developer Edition) from Microsoft:

https://www.microsoft.com/en-us/sql-server/sql-server-downloads

2.2.2 Verify sqlcmd Utility

Check if sqlcmd is available using Command Prompt:

sqlcmd -?

If you receive a “command not found” or similar error, install SQLCMD utility from:

https://learn.microsoft.com/en-us/sql/tools/sqlcmd-utility

2.2.3 Grant Permissions for ADMP Database

This ensures ADMP has full rights for database operations during setup.

Run the following command to grant ADMP access rights:

sqlcmd -S localhost\SQLEXPRESS -Q "CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS; ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM];"

2.3 PostgreSQL Setup

Note:ADMP uses SSL based authentication for PostgreSQL. The server and client will trust each other using these SSL certificates for secure communication.

2.3.1 Install PostgreSQL

Download and install PostgreSQL from the official site:

https://www.postgresql.org/download/windows/

2.3.2 Add PostgreSQL to PATH

Add PostgreSQL binaries to the system environment PATH:

%ProgramFiles%\PostgreSQL\16\bin

2.3.3 SSL Certificate Storage

Store all SSL certificates and keys in the following folder:

%ProgramFiles%\AMD\ADMP\SSLCerts\
Note:Copy the previously generated CA.crt and CA.key files to this same folder.

2.3.4 Create Server Configuration File

Create server_san.cnf inside the SSL folder with the following content:

subjectAltName = @alt_names
[alt_names]
DNS.1 = {server name}
IP.1 = {server ip}

2.3.5 Generate Server Keys & Certificates

Run these commands inside the SSL folder:


openssl genrsa -out server.key 2048
openssl genrsa -out admpkey.key 2048
openssl req -new -key server.key -out server.csr -subj "/CN=your_server_name"
openssl req -new -key admpkey.key -out admpcert.csr -subj "/CN=your_server_name"
openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile server_san.cnf
openssl x509 -req -in admpcert.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out admpcert.crt -days 365 -sha256 -extfile server_san.cnf

2.3.6 Generate Client Keys & Certificates

Run the following commands inside the SSL folder:


openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -subj "/CN=postgres"
openssl x509 -req -in client.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out client.crt -days 365

2.3.7 Update pg_hba.conf

Open the following configuration file:

%ProgramFiles%\PostgreSQL\16\data\pg_hba.conf

Add the following lines to enable SSL and certificate authentication:

hostssl all all 0.0.0.0/0 cert clientcert=verify-full

# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256

# IPv6 local connections:
hostssl all all ::/0 cert clientcert=verify-full

2.3.8 Update postgresql.conf

Open the following configuration file:

%ProgramFiles%\PostgreSQL\16\data\postgresql.conf

Enable SSL in the configuration file:

ssl = on
ssl_ca_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\CA.crt'
ssl_cert_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.crt'
ssl_key_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key'

2.3.9 Secure Certificate Key Permissions

Run the following commands to remove inheritance, revoke existing permissions, and grant full control to the Administrator.

Note:All commands listed below must be executed in an administrator command prompt on the ADMP hosted server after performing Create Database from the application 


icacls "%ProgramFiles%\AMD\ADMP\SSLCerts\server.key" /inheritance:r
icacls "%ProgramFiles%\AMD\ADMP\SSLCerts\server.key" /remove:g Users Everyone
icacls "%ProgramFiles%\AMD\ADMP\SSLCerts\server.key" /grant Administrator:F /grant "NT AUTHORITY\NetworkService:R" /grant "NT AUTHORITY\SYSTEM:R"

icacls "%ProgramFiles%\AMD\ADMP\SSLCerts\client.key" /inheritance:r
icacls "%ProgramFiles%\AMD\ADMP\SSLCerts\client.key" /remove:g Users Everyone
icacls "%ProgramFiles%\AMD\ADMP\SSLCerts\client.key" /grant Administrator:F /grant "NT AUTHORITY\NetworkService:R" /grant "NT AUTHORITY\SYSTEM:R"

2.3.10 Restart PostgreSQL Service

Restart the PostgreSQL service to apply the SSL and authentication changes.

You are now ready to install the ADMP binary and continue with the installation steps.
After installation, open:
https://<hostname>:<443>/
or launch it via Windows Start Menu → AMD Device Management Portal.