CollapseAll image

Get the Credential Context used by the Active Profile

The following steps describe how to retrieve the credentials (client and root certificates) used in a profile to identify the user against the authenticating server.

1.  Retrieve the instance of IPS_IEEE8021xSettings, where the “InstanceID” key equals “Intel(r) AMT: 8021X Settings”.

2.  From the IPS_IEEE8021xSettings instance, traverse the IPS_8021xCredentialContext association class to find the instances of AMT_PublicKeyCertificate.

3.  For a Root Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “true”.

4.  For a Client Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “false”.

5.  Examine AMT_PublicKeyCertificate.ElementName, AMT_PublicKeyCertificate.X509Certificate, AMT_PublicKeyCertificate.Issuer, etc.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.


# Create a reference to IPS_IEEE8021xSettings instance.

$iee8021xSettingsRef =$wsmanConnectionObject.NewReference("SELECT * FROM IPS_IEEE8021xSettings WHERE InstanceID='Intel(r) AMT: 8021X Settings'")

$8021xCredentialContextRef =$wsmanConnectionObject.NewReference("IPS_8021xCredentialContext")


# Traverse to the AMT_8021xCredentialContext instances that are connected to the AMT_8021XProfile.

foreach($8021xCredentialContextItem in$8021xCredentialContextRef.Enumerate("",$null))


    # For each instance, check if it is associated to the AMT_PublicKeyCertificate instance.



          # For root certificate:


          #Get the AMT_PublicKeyCertificate object using its EPR.

          $publicKeyCertificateInstance =$8021xCredentialContextItem.Object.GetProperty("ElementInContext").Ref.Get()

          if($publicKeyCertificateInstance.GetProperty("TrustedRootCertficate") -like "true")


                $elementName =$publicKeyCertificateInstance.GetProperty("ElementName")

                $x509Certificate =$publicKeyCertificateInstance.GetProperty("X509Certificate")

                $issuer =$publicKeyCertificateInstance.GetProperty("Issuer")






Instance Diagram

Classes Used in This Flow

SDK Sample

Not applicable


Copyright © 2006-2022, Intel Corporation. All rights reserved.