CollapseAll image

Configure and Activate the Profile

The following steps describe how to configure and activate the supplicant in Intel AMT to use the supported profiles. The following description shows the flow when the enabled profile is EAP-TLS.

1.  Retrieve the instance of IPS_IEEE8021xSettings, where the “InstanceID” key equals “Intel(r) AMT: 8021X Settings”. If the Enabled property is not already “true”, this Get will fail.

2.  If the Get failed, create a local version of the object. Otherwise, use the retrieved object. Set the following properties in the object:

Property

Value

ElementName

Any element name (ignored by Intel AMT)

InstanceID

“Intel(r) AMT: 8021X Settings”

Enabled

“2”

AuthenticationProtocol

“0”

Username

“user1”

AvailableInS0

“true”

ServerCertificateNameComparison

“2” for fully qualified domain name

“3” for domain suffix

ServerCertificateName

Fully qualified domain name or domain suffix

 

3.  Invoke IPS_IEEE8021xSettings.Put to activate the profile.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

# Update the remote interface.

$tlsSettingDataRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_TLSSettingData WHERE InstanceID='Intel(r) AMT 802.3 TLS Settings'")

$tlsSettingDataInstance =$tlsSettingDataRef.Get()

$tlsSettingDataInstance.SetProperty("Enabled","true")

$tlsSettingDataInstance.SetProperty("MutualAuthentication","false")

$tlsSettingDataRef.Put($tlsSettingDataInstance)

 

 

4.  Invoke IPS_IEEE8021xSettings.SetCertificates with the EPR to the instance of AMT_PublicKeyCertificate that is the issuer of the RADIUS server certificate (see Add a Trusted Root Certificate) and another EPR to the certificate that Intel AMT sends when the RADIUS requests a client certificate (see Add a Public Key Certificate).

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$iee8021xSettingsRef =$wsmanConnectionObject.NewReference("SELECT * FROM IPS_IEEE8021xSettings WHERE InstanceID='Intel(r) AMT: 8021X Settings'")

$iee8021xSettingsRef.CreateMethodInput("SetCertificates")

$iee8021xSettingsInstance.SetProperty("ServerCertificateIssuer",$rootCertificateRef)

$iee8021xSettingsInstance.SetProperty("ClientCertificate",$clientCertificateRef)

$outputObject =$iee8021xSettingsRef.InvokeMethod($iee8021xSettingsInstance)

$returnValue =$outputObject.GetProperty("ReturnValue")

 

 

Instance Diagram

Classes Used in This Flow

SDK Sample

Not applicable

 

See Also:

   Detailed Description

   IPS_IEEE8021xSettings Field Descriptions

   Active/Passive Mode

   Certificate Management

Copyright © 2006-2022, Intel Corporation. All rights reserved.