The HLAPI implements the Certificate Management feature in the Certificate Management API.
The available methods are described in the ICertificateManagement interface.
Examples
These C# examples show how to use the Certificate Management API (after connecting to the Intel AMT device). A certificate path will only work when a certificate exists in the relevant path.
Add a certificate to the certificate store
X509Certificate2 certificate = new X509Certificate2(
    @"..\..\CertificateName.p12", "q", X509KeyStorageFlags.Exportable);
amt.Config.CertificateManagement.AddCertificate(certificate);
Add a chain to the certificate store
// Add a chain of trusted certificates:
// 1. Create X509Chain object.
// 2. Set to the X509Chain object an additional certificates store from which the chain will be built.
// 3. Build certificates chain.
// 4. Add the chain elements to the certificate store.
X509Certificate2 rootCertificate = new X509Certificate2(@"..\..\RootCert.cer");
X509Certificate2 leafCertificate = new X509Certificate2(
    @"..\..\LeafCert.p12", "q", X509KeyStorageFlags.Exportable);
X509Chain trustedChain = new X509Chain();
trustedChain.ChainPolicy.ExtraStore.Add(rootCertificate);
trustedChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
trustedChain.Build(leafCertificate);
Note: When adding a certificate chain, if there is not enough space for all the certificates in the added chain, no certificate will be added.
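An added example, not taken from Intel's documentation or the HLAPI: X509VerificationFlags.AllFlags in the sample above tells Build() to ignore expiry, unknown-CA, usage and similar errors, so this stand-alone pre-check confirms that a leaf really chains to the intended root before the chain is handed to the store. ChainPreflight, ChainsTo, Request and the certificate names are hypothetical, the certificates are constructed in memory, and CertificateRequest is assumed to be available (.NET Framework 4.7.2 or later, or .NET Core).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainPreflight // hypothetical helper, not part of the HLAPI
{
    // True only if 'leaf' builds a chain that ends at exactly 'expectedRoot'.
    public static bool ChainsTo(X509Certificate2 leaf, X509Certificate2 expectedRoot)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(expectedRoot);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline check
            // Tolerate only "root is not in the OS trust store"; expiry, wrong
            // usage and similar errors still fail Build(), unlike with AllFlags.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(leaf)) return false;
            // The flag above also lets a partial chain pass, so pin the top element.
            var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return top.Thumbprint == expectedRoot.Thumbprint;
        }
    }

    // Builds a request for a constructed sample certificate (CA or end entity).
    static CertificateRequest Request(string cn, RSA key, bool isCa)
    {
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(isCa, false, 0, true));
        return req;
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA rootKeyA = RSA.Create(2048))
        using (RSA rootKeyB = RSA.Create(2048))
        using (RSA leafKey = RSA.Create(2048))
        {
            var rootA = Request("Constructed Root A", rootKeyA, true).CreateSelfSigned(now.AddDays(-2), now.AddYears(1));
            var rootB = Request("Constructed Root B", rootKeyB, true).CreateSelfSigned(now.AddDays(-2), now.AddYears(1));
            var leaf = Request("constructed-leaf", leafKey, false).Create(rootA, now.AddDays(-1), now.AddDays(90), new byte[] { 1, 2, 3, 4 });
            var stale = Request("constructed-expired", leafKey, false).Create(rootA, now.AddDays(-1), now.AddHours(-1), new byte[] { 1, 2, 3, 5 });

            Console.WriteLine(ChainsTo(leaf, rootB));  // leaf checked against a root that did not issue it
            Console.WriteLine(ChainsTo(leaf, rootA));  // leaf checked against its real issuer
            Console.WriteLine(ChainsTo(stale, rootA)); // expired leaf checked against its real issuer
        }
    }
}
```

The check is written so that only the leaf paired with its real issuer is accepted; the mismatched root and the expired leaf are rejected.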
Retrieve all certificates
List<X509Certificate2> certificates =
    amt.Config.CertificateManagement.GetAllCertificates();
foreach (X509Certificate2 certificate in certificates)
{
    Console.WriteLine("Name : {0}. Issuer : {1}. Subject : {2}. Has Private Key : {3}",
        certificate.FriendlyName, certificate.Issuer,
        certificate.Subject, certificate.HasPrivateKey);
}
Retrieve all TrustedRootCertificates
List<X509Certificate2> certificates =
    amt.Config.CertificateManagement.GetTrustedRootCertificates();
foreach (X509Certificate2 certificate in certificates)
{
    Console.WriteLine("Name : {0}. Issuer & Subject : {1}. Has Private Key : {2}",
        certificate.FriendlyName, certificate.Issuer, certificate.HasPrivateKey);
}
Retrieve all NonTrustedRootCertificates
List<X509Certificate2> certificates =
    amt.Config.CertificateManagement.GetNonTrustedRootCertificates();
foreach (X509Certificate2 certificate in certificates)
{
    Console.WriteLine("Name : {0}. Issuer : {1}. Subject : {2}. Has Private Key : {3}",
        certificate.FriendlyName, certificate.Issuer,
        certificate.Subject, certificate.HasPrivateKey);
}
Retrieve a chain of certificates from the certificate store
X509Certificate2 certificate = new X509Certificate2(
    @"..\..\CertificateName.p12", "q", X509KeyStorageFlags.Exportable);
X509Chain chain = amt.Config.CertificateManagement.GetChain(certificate);
Note: Enter an existing certificate with a private key to build a chain with the appropriate subCA certificates from the certificate store.
Remove a certificate from the certificate store
X509Certificate2 certificate = new X509Certificate2(
    @"..\..\CertificateName.p12", "q", X509KeyStorageFlags.Exportable);
amt.Config.CertificateManagement.RemoveCertificate(certificate);
Remove all certificates from the certificate store
// Delete all certificates including their private keys.
amt.Config.CertificateManagement.RemoveAllCertificates(true);
Remove all trustedRootCertificates from the certificate store
amt.Config.CertificateManagement.RemoveTrustedRootCertificates();
Remove all nonTrustedRootCertificates from the certificate store
// Delete nonTrustedRootCertificates without deleting their private keys.
amt.Config.CertificateManagement.RemoveNonTrustedRootCertificates(false);
Note:
• In order to manage the certificate store without any intervention of other Intel AMT features, you must set the amt.Config.CertificateManagement.ManageCertificateManually property to true. If the property’s value is false, a certificate may be removed when a linked profile/feature is deleted.
• When adding a certificate chain, if there is not enough space for all the certificates in the added chain, no certificate will be added.
• When deleting a specified certificate with an X509Certificate property, the certificate and its private keys will be deleted even though the X509Certificate property contained only the certificate without the certificate’s private key.
Copyright © 2006-2022, Intel Corporation. All rights reserved.