Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Invoke-GenerateCSR is not working

jic5760
New Contributor I
1,446 Views

Hello,

 

I'm trying Invoke-GenerateCSR via PowerShell.

But not working...

 

1. Invoke-GenerateKeyPair -ComputerName localhost -Username admin -Password "XXXXX" -KeyAlgorithm RSA -KeyLength 2048

2. (Save public key as amt-public-key.pem)

3. create-amt-null-signed-csr -cn "test" > "C:\temp\csr.pem"

4. Invoke-GenerateCSR -ComputerName localhost -Username admin -Password "XXXXX" -SigningAlgorithm SHA256-RSA -NullSignedRequestPath "C:\temp\csr.pem"

 

Result:

Exception Thrown:
"1"개의 인수가 있는 "InvokeMethod"을(를) 호출하는 동안 예외가 발생했습니다. "ConnectionClosed"

translated:

An exception occurred while calling "InvokeMethod" with "1" arguments. "ConnectionClosed"

 

References:

https://github.com/rgl/create-amt-null-signed-csr

 

Regards,

Lee.

 

0 Kudos
1 Solution
jic5760
New Contributor I
1,354 Views

Hello, JoseH.

 

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fchangesfromrelease100torelease110.htm

 

It seems that GeneratePKCS10RequestEx is deprecated.

 

I close this issue as we will not be using the deprecated one in the future.

 

Thank you

 

Regards,

Lee.

View solution in original post

0 Kudos
7 Replies
JoseH_Intel
Moderator
1,419 Views

Hello jic5760,


Welcome back to the community


Could you please tell your OS version and PowerShell version? Remember that the OS needs to be installed in US English as per there is no internationalization support yet.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
jic5760
New Contributor I
1,416 Views

Hello, Jose A.

 

Windows Version : 21H2 (OS Build: 19044.1706)

PowerShell Version ($PSversionTable):

Name                           Value
----                           -----
PSVersion                      5.1.19041.1682
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.1682
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

 

 

The socket is closed when sending wsman XML requests with postman as well as PowerShell.

<?xml version="1.0" encoding="utf-8"?>
<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns="http://www.w3.org/2003/05/soap-envelope">
    <Header>
        <a:Action>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyManagementService/GeneratePKCS10RequestEx</a:Action>
        <a:To>/wsman</a:To>
        <w:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyManagementService</w:ResourceURI>
        <a:MessageID>1</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
        </a:ReplyTo>
        <w:OperationTimeout>PT60S</w:OperationTimeout>
    </Header>
    <Body>
        <r:GeneratePKCS10RequestEx_INPUT xmlns:r="http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyManagementService">
            <r:KeyPair>
                <Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
                <ReferenceParameters xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">
                    <ResourceURI xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicPrivateKeyPair</ResourceURI>
                    <SelectorSet xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">
                        <Selector Name="InstanceID">Intel(r) AMT Key: Handle: 0</Selector>
                    </SelectorSet>
                </ReferenceParameters>
            </r:KeyPair>
            <r:SigningAlgorithm>1</r:SigningAlgorithm>
            <r:NullSignedCertificateRequest>MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHdGVzdF9wYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOXXIiTzGIpW3/hM5RHwYQ7ya2lg9D7TTMtMkjdtL+S7/YXeT3pYBShZTgXNNblM4AB9EMOKuhnZw8OGU5G+z1E1BObTgk+C4PiG58EWyymAvbYYr2w7PaL8nnY6tlU+rc4XADWa0qqekEQivP6RH8IjT6KErIp9xxatEJJsU99+4WtMyPWvvKo7kVQiaNeMb5qbL9oLfdXOHk9g0pzmc9QmojADskctJcwO6o9Mkvsu7doYxNmjbyoS1tzcVwG3JoGECXhR1q2nnUYHIS15L2+G9RbU+ktYd3yMrEwskl4B4gX4+LVmV3yQPHZpo24kKRiAXndrOwoDxDtJoh3LE10CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQANB1nljXRAJmMS3FypHn2+oWEW+vDeXAFMevYv8+OB8UbRUnL4zeCZ19+jaDdKn0+5M1U/juDC6mVUM1SnkqRGT1RflSWdGod+dY8zNfg0FKVZYzXEFklcfcuvKq5MsdMAthKYBT2VPnuEl+tlB6K6hz74NDDoQGOMmh6DNv1BStVQEOHriviUWTiVUiG51dXkKcE7Gg4N306uHhWPhJPtOHYZ4FraU4+N6QKyzZVqcV25t63LzVd4HIhU9zooSQ2ZuUBZRoR+90LhXSrBjcBRc0nt1wxuWK5U9mB6HvdKnf3cW/wTnbE0i1f3mmwjvJK4gAn57FOeGqlBSuJwS7Sc</r:NullSignedCertificateRequest>
        </r:GeneratePKCS10RequestEx_INPUT>
    </Body>
</Envelope>

jic5760_0-1654824824492.png

 

 

Regards,

Lee.

 

 

 

0 Kudos
JoseH_Intel
Moderator
1,413 Views

Hello jic5760,


There is an old issue about System cryptography > Use FIPS compliant algorithms for encryption, hashing, and signing.

Take a look at this article “WsmanUnauthorizedException” Error When Using PowerShell*... (intel.com)


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
jic5760
New Contributor I
1,412 Views

Hello Jose A.

 

That's different from the problem. It does not fail authentication.

Commands other than Invoke-GenerateCSR succeed.

And HTTP requests also fail, non-PowerShell.

 

Regards,

Lee.

0 Kudos
JoseH_Intel
Moderator
1,402 Views

Hello jic5760,


In the Release Notes for the PowerShell module v15.0.2.1 it says:


Intel vPro® Technology Module for Windows* PowerShell* 15.0.2.1 

---------------------------------------------------------------

# This version includes new PowerShell cmdlets:

 1. TLS configuration scripts:

Invoke-GeneratePrivateKey

Invoke-GenerateCSR

Invoke-ConfigureTLSServerAuthentication

Invoke-ConfigureTLSMutualAuthentication

Invoke-DisableTLSAuthentication

Invoke-AddPrivateKey


Let me try to look more info about this particular command. I will get back to you soon.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
JoseH_Intel
Moderator
1,363 Views

Hello jic5760,

 

We are unclear as to what you are attempting to do. We notice that you are using code from the github reference and not completely using the SDK? is this correct? Also, is this happening on multiple systems? Please run an SSU and a acuconfig.exe /verbose /output systemdiscovery and attach the ssu output and the .xml file to the case.

Attaching the "Intel vPro Technology module for Windows PowerShell - Rev 3_2_6" for reference on the particular command

 

Regards

 

Jose A.

Intel Customer Support Technician

 

0 Kudos
jic5760
New Contributor I
1,355 Views

Hello, JoseH.

 

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fchangesfromrelease100torelease110.htm

 

It seems that GeneratePKCS10RequestEx is deprecated.

 

I close this issue as we will not be using the deprecated one in the future.

 

Thank you

 

Regards,

Lee.

0 Kudos
Reply