# Copyright (C) 2021 Intel Corporation function Invoke-ConfigureTLSServerAuthentication { <# .Synopsis Configures AMT connection to TLS with server authentication. .Description This cmdlet configures the AMT connection to TLS with server authentication. The cmdlet adds the AMT certificate and enables TLS. Use the -AcceptNonSecure parameter to allow also non secure connection. Use the -EnableLocalTLS parameter to enable local TLS connection in addition to the remote connection. .Notes AMT Provisioning: The vPro client AMT firmware must be provisioned prior to accessing AMT functionality. This CMDLet will fail if it is run against a vPro client that has not been provisioned. AMT Client Authentication: To invoke commands against AMT enabled clients credentials to authenticate must be specified. When no credential is provided as a parameter, the script will use the local logged on Kerberos credential. When only the username (Kerberos or Digest) parameter is included the user will be prompted to provide the associated password. Credentials should be stored as a PowerShell variable then passed into the Cmdlet with the credential parameter. $AMTCredential = get-credential AMT Client Encryption: If the Intel vPro client has been configured to use TLS (a web server certificate has been issued to the Intel Management Engine) the Cmdlet must be called with a -TLS switch. When managing an Intel vPro client over TLS (Port 16993) it is important that the computername parameter matchs the primary subject name of the issued TLS certificate. Typically this is the fully qualified domain name (FQDN). If Mutual TLS is desired, the Cmdlet must be called with -TLS switch and with a valid certificate name from the certificate store in the -CertificateName parameter. Status: Status output designates if the Cmdlet was run successfully. For failed attempts additional status may be provided. .Link http:\\vproexpert.com http:\\www.intel.com\vpro http:\\www.intel.com .Example Invoke-ConfigureTLSServerAuthentication -ComputerName 192.168.168.10 -Username admin -Password Admin!98 -CertificateFilePath ".\leaf.cer" Add certificate - Certificate Added successfully! Server Authentication configuration succeeded! .Example Invoke-ConfigureTLSServerAuthentication -ComputerName dut.vprodemo.com -Username admin -Password Admin!98 -CertificateFilePath ".\leaf.cer" -AcceptNonSecure -EnableLocalTLS Add certificate - Certificate Added successfully! Server Authentication configuration succeeded! #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, position = 0,HelpMessage = "Hostname, FQDN, or IP Address")] [String[]] $ComputerName, [Parameter(Mandatory = $false, position = 1,HelpMessage = "Digest User")] [string] $Username, [Parameter(Mandatory = $false, position = 2,HelpMessage = "Digest Password")] [string] $Password, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true, ValueFromPipeline=$false, position=3, HelpMessage="Valid Ports are 16992 (non-TLS) or 16993 (TLS)")][ValidateSet("16992", "16993")] [String] $Port, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=4, HelpMessage="Use TLS (Port 16993)")] [switch] $TLS, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Accept self-signed certificate for TLS connection (skip any certificate checks.)")] [switch] $AcceptSelfSignedCert, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=5, HelpMessage="Name of certificate. (Use for mutual TLS)")] [string] $CertificateName, [Parameter(Mandatory = $true, position = 6,HelpMessage = "Path to Certificate file")] [string] $CertificateFilePath, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=7, HelpMessage="Accept non secure connections")] [switch] $AcceptNonSecure, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=8, HelpMessage="Enable local TLS")] [switch] $EnableLocalTLS, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=9, HelpMessage="PS Credential")] [System.Management.Automation.PSCredential] $Credential ) PROCESS { function CommitChanges { $setupAndConfigurationServiceRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_SetupAndConfigurationService WHERE Name='Intel(r) AMT Setup and Configuration Service'") $inputObject = $setupAndConfigurationServiceRef.CreateMethodInput("CommitChanges") $outputObject = $setupAndConfigurationServiceRef.InvokeMethod($inputObject) if(-not ($outputObject.GetProperty("ReturnValue") -like "0")) { $Results += "Commit Changes operation failed.`n" return "false" } return "true" } #### Get Certificate Blob #### function GetCertificateBlob { $readFile = [System.IO.File]::OpenText($CertificateFilePath) # These are the certificate opening and closing tags we use for this PS script, user can add more types $BEGIN = "-----BEGIN CERTIFICATE-----" $END = "-----END CERTIFICATE-----" [bool]$read = $false While(!$readFile.EndOfStream) { $line = $readFile.ReadLine() IF($line -match $BEGIN) { $read = $true $certificateBlob = $null While($read -and !$readFile.EndOfStream) { $line = $readFile.ReadLine() IF($line -notmatch $END) { $certificateBlob += $line } ELSE { $read = $false } } } } $readFile.Close() if($read) # Incorrect or missing oprning or closing tag { throw "Incorrect file content`n" return } return $certificateBlob } try { $Results = @() $Results += "`n" # Create a connection object $wsmanConnectionObject = New-Object Intel.Management.Wsman.WsmanConnection if ($Credential.username.Length -gt 0) { $wsmanConnectionObject.SetCredentials($Credential.Username, $Credential.Password) } elseif ($Username.length -gt 0) { if ($Password.length -gt 0) { $wsmanConnectionObject.SetCredentials($Username, $Password) } else { $Cred = Get-Credential $Username $wsmanConnectionObject.SetCredentials($Cred.Username, $Cred.Password) } } if ($Port -ne "16993") { if ($TLS.IsPresent) { $Port = 16993; } else { $Port = 16992; } } if($CertificateName.Length -gt 0) { $wsmanConnectionObject.Options.SetClientCertificateByCertificateName($CertificateName) } if($AcceptSelfSignedCert.IsPresent) { $wsmanConnectionObject.Options.AcceptSelfSignedCertificate=$true; } ForEach ($Comp in $ComputerName) { # Attempt Connection with Client $wsmanConnectionObject.SetHost($Comp, $Port) if( -not $wsmanConnectionObject) { $Results += "Cannot connenct `n" } # Add certificate $publicKeyManagementServiceRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_PublicKeyManagementService WHERE Name='Intel(r) AMT Public Key Management Service'") $inputCertificate = $publicKeyManagementServiceRef.CreateMethodInput("AddCertificate") $certificateBlob = GetCertificateBlob $inputCertificate.AddProperty("CertificateBlob", $certificateBlob) $outputObject = $publicKeyManagementServiceRef.InvokeMethod($inputCertificate) $returnValue = $outputObject.GetProperty("ReturnValue") if(($returnValue -like "0") -Or ($returnValue -like "2058")) { if($returnValue -like "0") # Certificate added successfully { $Results += "Add certificate - Certificate Added successfully! `n" # The $publicKeyCertificateRef is an EPR to the new AMT_PublicKeyCertificate object. $publicKeyCertificateRef = $outputObject.GetProperty("CreatedCertificate").Ref } elseif($returnValue -like "2058") # Certificate already exists { $Results += "Add certificate - Certificate already exists.`n" $certRef_Enum = $wsmanConnectionObject.NewReference("AMT_PublicKeyCertificate").Enumerate() foreach ($certificateInstance in $certRef_Enum) { if($certificateInstance.Object.GetProperty("X509Certificate").ToString() -eq $certificateBlob) { $certificateInstanceID = $certificateInstance.Object.GetProperty("InstanceID").ToString() $publicKeyCertificateRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_PublicKeyCertificate") $publicKeyCertificateRef.AddSelector("InstanceID", $certificateInstanceID) break } } } # Set TLS Credentials certificate $tlsProtocolEndpointCollectionRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_TLSProtocolEndpointCollection WHERE ElementName='TLSProtocolEndpoint Instances Collection'") $tlsCredentialContextInstance = $wsmanConnectionObject.NewInstance("AMT_TLSCredentialContext") # $publicKeyCertificateRef is an EPR to the AMT_PublicKeyCertificate object $tlsCredentialContextInstance.SetProperty("ElementInContext", $publicKeyCertificateRef) $tlsCredentialContextInstance.SetProperty("ElementProvidingContext", $tlsProtocolEndpointCollectionRef) $tlsCredentialContextRef = $wsmanConnectionObject.NewReference("AMT_TLSCredentialContext") $tlsCredentialContextInstances = $tlsCredentialContextRef.Enumerate() # Checking for an already existing TLS credential context instance $count = 0 foreach($tlsCredentialContext_Instance in $tlsCredentialContextInstances) { $count += 1 } try { if($count -eq 0) { $outputObject = $tlsCredentialContextInstance.Create() } else { $outputObject = $tlsCredentialContextRef.Put($tlsCredentialContextInstance) } } catch { throw } # Update the remote interface. $tlsSettingDataRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_TLSSettingData WHERE InstanceID='Intel(r) AMT 802.3 TLS Settings'") $tlsSettingDataInstance = $tlsSettingDataRef.Get() $tlsSettingDataInstance.SetProperty("Enabled", "true") $tlsSettingDataInstance.SetProperty("MutualAuthentication", "false") if($AcceptNonSecure.IsPresent -like "true") { $tlsSettingDataInstance.SetProperty("AcceptNonSecureConnections", "true") } else { $tlsSettingDataInstance.SetProperty("AcceptNonSecureConnections", "false") } $putRes = $tlsSettingDataRef.Put($tlsSettingDataInstance) $tlsSettingDataRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_TLSSettingData WHERE InstanceID='Intel(r) AMT LMS TLS Settings'") $tlsSettingDataInstance = $tlsSettingDataRef.Get() if($EnableLocalTLS.IsPresent -like "true") { $tlsSettingDataInstance.SetProperty("Enabled", "true") } else { $tlsSettingDataInstance.SetProperty("Enabled", "false") } $tlsSettingDataInstance.SetProperty("MutualAuthentication", "false") $putRes = $tlsSettingDataRef.Put($tlsSettingDataInstance) $commitChangesRes = CommitChanges if($commitChangesRes -like "false") { $Results += "Commit changes - failed to commit changes.`n" } else { $Results += "Server Authentication configuration succeeded!`n" } } else { $Results += "Add certificate - Failed." if($returnValue -like "2058") { $Results += "Reason: PT_STATUS_DUPLICATE" } } } } catch { $Results += "Exception Thrown:" $Results += $_.Exception.Message } # Set back to false for the next cmdlet, if PS is still open $wsmanConnectionObject.Options.AcceptSelfSignedCertificate=$false; Write-Output $Results } } # SIG # Begin signature block # MIItiwYJKoZIhvcNAQcCoIItfDCCLXgCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD9p0TgqGXqXn/V # P7KZcD+ZWNoMj1Uz25GXEy9GpEy8OaCCEX4wggVvMIIEV6ADAgECAhBI/JO0YFWU # jTanyYqJ1pQWMA0GCSqGSIb3DQEBDAUAMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQI # DBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoM # EUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDDBhBQUEgQ2VydGlmaWNhdGUgU2Vy # dmljZXMwHhcNMjEwNTI1MDAwMDAwWhcNMjgxMjMxMjM1OTU5WjBWMQswCQYDVQQG # EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdv # IFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQCN55QSIgQkdC7/FiMCkoq2rjaFrEfUI5ErPtx94jGgUW+s # hJHjUoq14pbe0IdjJImK/+8Skzt9u7aKvb0Ffyeba2XTpQxpsbxJOZrxbW6q5KCD # J9qaDStQ6Utbs7hkNqR+Sj2pcaths3OzPAsM79szV+W+NDfjlxtd/R8SPYIDdub7 # P2bSlDFp+m2zNKzBenjcklDyZMeqLQSrw2rq4C+np9xu1+j/2iGrQL+57g2extme # me/G3h+pDHazJyCh1rr9gOcB0u/rgimVcI3/uxXP/tEPNqIuTzKQdEZrRzUTdwUz # T2MuuC3hv2WnBGsY2HH6zAjybYmZELGt2z4s5KoYsMYHAXVn3m3pY2MeNn9pib6q # RT5uWl+PoVvLnTCGMOgDs0DGDQ84zWeoU4j6uDBl+m/H5x2xg3RpPqzEaDux5mcz # mrYI4IAFSEDu9oJkRqj1c7AGlfJsZZ+/VVscnFcax3hGfHCqlBuCF6yH6bbJDoEc # QNYWFyn8XJwYK+pF9e+91WdPKF4F7pBMeufG9ND8+s0+MkYTIDaKBOq3qgdGnA2T # OglmmVhcKaO5DKYwODzQRjY1fJy67sPV+Qp2+n4FG0DKkjXp1XrRtX8ArqmQqsV/ # AZwQsRb8zG4Y3G9i/qZQp7h7uJ0VP/4gDHXIIloTlRmQAOka1cKG8eOO7F/05QID # AQABo4IBEjCCAQ4wHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYD # VR0OBBYEFDLrkpr/NZZILyhAQnAgNpFcF4XmMA4GA1UdDwEB/wQEAwIBhjAPBgNV # HRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMDMBsGA1UdIAQUMBIwBgYE # VR0gADAIBgZngQwBBAEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21v # ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEE # KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZI # hvcNAQEMBQADggEBABK/oe+LdJqYRLhpRrWrJAoMpIpnuDqBv0WKfVIHqI0fTiGF # OaNrXi0ghr8QuK55O1PNtPvYRL4G2VxjZ9RAFodEhnIq1jIV9RKDwvnhXRFAZ/ZC # J3LFI+ICOBpMIOLbAffNRk8monxmwFE2tokCVMf8WPtsAO7+mKYulaEMUykfb9gZ # pk+e96wJ6l2CxouvgKe9gUhShDHaMuwV5KZMPWw5c9QLhTkg4IUaaOGnSDip0TYl # d8GNGRbFiExmfS9jzpjoad+sPKhdnckcW67Y8y90z7h+9teDnRGWYpquRRPaf9xH # +9/DUp/mBlXpnYzyOmJRvOwkDynUWICE5EV7WtgwggXpMIIEUaADAgECAhEA/lzU # lQGKZRek0E74e2uTOjANBgkqhkiG9w0BAQwFADBUMQswCQYDVQQGEwJHQjEYMBYG # A1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBD # b2RlIFNpZ25pbmcgQ0EgUjM2MB4XDTI0MDMxMzAwMDAwMFoXDTI1MDMxMzIzNTk1 # OVowWjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGjAYBgNVBAoM # EUludGVsIENvcnBvcmF0aW9uMRowGAYDVQQDDBFJbnRlbCBDb3Jwb3JhdGlvbjCC # AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAI69Cz15squYBdM5ZXnjFBNn # vqzI4WUgaQ/PjBKog2t/IkSByXK+3K1m4CwQtTgqpMCD193E3A/xDHmWVEvpCKUB # +xc8c/8FE6TymrIKA/0UH7jVesLgCo0AxfM0dkcqrvLKvnchseekdaM2b+E41NSj # AhhWgGp1LoTZyrAOJNpGsPIfgA/0+J6RCECh9BARbXCRXAnzTuPtWDXfKlOwSa4+ # o2tJM7TPNALTJSLHoZbvfUOpgOh+0lWx49himoW6lfDt5cZDPOT8wNwpd5DWwB8M # hzLfNEpbvR/85s8SP/dWRrAVkSRxS1wqIZa9OsxD+rjBBIe8JDR1Y9hjGBUKybMA # Y30Pp8rDpFeH1Ya1A8gNeae8KRSlacroyoxhRviL9n8nCZIhiqL6Q0Qu9cJGwlYi # L9mAMRyVPI3BHf0s6r6BRqt8yBYP/2dsgc4z9YV9DGJUaKz2kjwud1OJZupFDZio # +shzbO/h78iJSQiMVHgMVFEVOZFERE3dVSEFsWdPAwIDAQABo4IBrjCCAaowHwYD # VR0jBBgwFoAUDyrLIIcouOxvSK4rVKYpqhekzQwwHQYDVR0OBBYEFCjtPWp/OnUU # 51aXAiBwcQ/gvYfGMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMCMCUwIwYI # KwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEATBJBgNV # HR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJs # aWNDb2RlU2lnbmluZ0NBUjM2LmNybDB5BggrBgEFBQcBAQRtMGswRAYIKwYBBQUH # MAKGOGh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWdu # aW5nQ0FSMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNv # bTAjBgNVHREEHDAagRhwa2llbmdpbmVlcmluZ0BpbnRlbC5jb20wDQYJKoZIhvcN # AQEMBQADggGBAB01WGV1cWjtTCQGkNtDRpmS08NuUis1F2+0cwIrk2dY8tXKiZ5R # supkBKWfpjNSHdW79DvVCotBbyRYUdDSeFkQ8jRPm+vlzyFhRWuW4qSYcIlx6qia # pGZEFsvmEEXMnwG9zEEeKsYlnM/ZSI23uLZCXyhJx35G2PpBr3tMym6gIvta5Dml # 4S/XEJJI/ZvIKhPO5QUemCS07S9QN7SOKeEkk1LdV1ccCBNtRpAzmGVr4iYS4pbV # r8yishYe25TSAPeWEy9PYEMnjZbQQS8lD8XFB6gfiTJLFCCzIKsHzMIk+FuJlwVl # q4ec/Wrx0+fpVeo2SPJZI/iE82gtD5oywotprC47MdvVlcvbePYnHoJqqRtnhX+E # 6jlGRtnhUCPV+BsRScp4v8DIUJGdV5AzS5rYu3YhJGDJgTgPGvBtmvaPeJtxcKzX # UnMpPtanuJgW3o1ucSo9SKb9dNqFcLcOUVD2lDjh85Z0anJom924xhVm4cGNWSF7 # az8cVA6zH/Rc6DCCBhowggQCoAMCAQICEGIdbQxSAZ47kHkVIIkhHAowDQYJKoZI # hvcNAQEMBQAwVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRl # ZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIFJvb3QgUjQ2 # MB4XDTIxMDMyMjAwMDAwMFoXDTM2MDMyMTIzNTk1OVowVDELMAkGA1UEBhMCR0Ix # GDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDErMCkGA1UEAxMiU2VjdGlnbyBQdWJs # aWMgQ29kZSBTaWduaW5nIENBIFIzNjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC # AYoCggGBAJsrnVP6NT+OYAZDasDP9X/2yFNTGMjO02x+/FgHlRd5ZTMLER4ARkZs # Q3hAyAKwktlQqFZOGP/I+rLSJJmFeRno+DYDY1UOAWKA4xjMHY4qF2p9YZWhhbeF # pPb09JNqFiTCYy/Rv/zedt4QJuIxeFI61tqb7/foXT1/LW2wHyN79FXSYiTxcv+1 # 8Irpw+5gcTbXnDOsrSHVJYdPE9s+5iRF2Q/TlnCZGZOcA7n9qudjzeN43OE/TpKF # 2dGq1mVXn37zK/4oiETkgsyqA5lgAQ0c1f1IkOb6rGnhWqkHcxX+HnfKXjVodTmm # V52L2UIFsf0l4iQ0UgKJUc2RGarhOnG3B++OxR53LPys3J9AnL9o6zlviz5pzsgf # rQH4lrtNUz4Qq/Va5MbBwuahTcWk4UxuY+PynPjgw9nV/35gRAhC3L81B3/bIaBb # 659+Vxn9kT2jUztrkmep/aLb+4xJbKZHyvahAEx2XKHafkeKtjiMqcUf/2BG935A # 591GsllvWwIDAQABo4IBZDCCAWAwHwYDVR0jBBgwFoAUMuuSmv81lkgvKEBCcCA2 # kVwXheYwHQYDVR0OBBYEFA8qyyCHKLjsb0iuK1SmKaoXpM0MMA4GA1UdDwEB/wQE # AwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMBsG # A1UdIAQUMBIwBgYEVR0gADAIBgZngQwBBAEwSwYDVR0fBEQwQjBAoD6gPIY6aHR0 # cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdSb290 # UjQ2LmNybDB7BggrBgEFBQcBAQRvMG0wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jcnQu # c2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdFI0Ni5wN2Mw # IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEB # DAUAA4ICAQAG/4Lhd2M2bnuhFSCbE/8E/ph1RGHDVpVx0ZE/haHrQECxyNbgcv2F # ymQ5PPmNS6Dah66dtgCjBsULYAor5wxxcgEPRl05pZOzI3IEGwwsepp+8iGsLKaV # pL3z5CmgELIqmk/Q5zFgR1TSGmxqoEEhk60FqONzDn7D8p4W89h8sX+V1imaUb69 # 3TGqWp3T32IKGfIgy9jkd7GM7YCa2xulWfQ6E1xZtYNEX/ewGnp9ZeHPsNwwviJM # BZL4xVd40uPWUnOJUoSiugaz0yWLODRtQxs5qU6E58KKmfHwJotl5WZ7nIQuDT0m # WjwEx7zSM7fs9Tx6N+Q/3+49qTtUvAQsrEAxwmzOTJ6Jp6uWmHCgrHW4dHM3ITpv # G5Ipy62KyqYovk5O6cC+040Si15KJpuQ9VJnbPvqYqfMB9nEKX/d2rd1Q3DiuDex # MKCCQdJGpOqUsxLuCOuFOoGbO7Uv3RjUpY39jkkp0a+yls6tN85fJe+Y8voTnbPU # 1knpy24wUFBkfenBa+pRFHwCBB1QtS+vGNRhsceP3kSPNrrfN2sRzFYsNfrFaWz8 # YOdU254qNZQfd9O/VjxZ2Gjr3xgANHtM3HxfzPYF6/pKK8EE4dj66qKKtm2DTL1K # FCg/OYJyfrdLJq1q2/HXntgr2GVw+ZWhrWgMTn8v1SjZsLlrgIfZHDGCG2Mwghtf # AgEBMGkwVDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEr # MCkGA1UEAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNgIRAP5c # 1JUBimUXpNBO+HtrkzowDQYJYIZIAWUDBAIBBQCgfDAQBgorBgEEAYI3AgEMMQIw # ADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYK # KwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgzBAIJjGwIB+uy+UTFXrj1SUGn5Oe # 1KOonqCosR5RBn0wDQYJKoZIhvcNAQEBBQAEggGANtmA/5dzXOG5TVOdzM4gEKHg # EB5dd+af1zKMWvChFBe7yuQ6Nl5FnL11kSrQQThUnRxopEI5LNNYTIe6R8jyFYHT # X0NgdTCFad+hPjplc7XkyGGWO3WJQuzFCSYovKFUMQ53iB+4fAr0b7MqeQ8Mtm+G # 3o1H+HLfMlu4+VVqHPcN/W6+6sTO1U90W5R+O+E1+pdsslnRR8TsMnynwhGQWgFX # oWFUyfOj0N3VJV50VKDuR0B6rz1QJCCTRaDPacyK04PvtFFruKRcweWoohMEeYZy # 9EhhdTOqsBipLF4qZV3H7yPiy1K1qy6Ny+4WaMop4VPfo06YPKc+XF/MjtQuE8ww # 5MDQNA8EjSEd0+g3hzOPt3HqlgUtNFM/lvwUsw7w5blXLpqP4lcbsumx95daiKV+ # jfqelL54iavxxmYZ1Px+cv+oE/v8JGL9RqkHFrcjVluN8cKy4OvCJjiYadKBtl8E # zPyaKJJSggWhivIx+9xLd3623slrz4BY1+dZCT1BoYIYzTCCGMkGCisGAQQBgjcD # AwExghi5MIIYtQYJKoZIhvcNAQcCoIIYpjCCGKICAQMxDzANBglghkgBZQMEAgIF # ADCB8wYLKoZIhvcNAQkQAQSggeMEgeAwgd0CAQEGCisGAQQBsjECAQEwMTANBglg # hkgBZQMEAgEFAAQgoG/yWIkkY5F8OK2/xLHhEJHsSRnlatqgXrx9Yx+CbwwCFEBo # ypjiszxb7FipRnKh+NeMOOsGGA8yMDI1MDEyNzE5MDI0NlqgcqRwMG4xCzAJBgNV # BAYTAkdCMRMwEQYDVQQIEwpNYW5jaGVzdGVyMRgwFgYDVQQKEw9TZWN0aWdvIExp # bWl0ZWQxMDAuBgNVBAMTJ1NlY3RpZ28gUHVibGljIFRpbWUgU3RhbXBpbmcgU2ln # bmVyIFIzNaCCEv8wggZdMIIExaADAgECAhA6UmoshM5V5h1l/MwS2OmJMA0GCSqG # SIb3DQEBDAUAMFUxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0 # ZWQxLDAqBgNVBAMTI1NlY3RpZ28gUHVibGljIFRpbWUgU3RhbXBpbmcgQ0EgUjM2 # MB4XDTI0MDExNTAwMDAwMFoXDTM1MDQxNDIzNTk1OVowbjELMAkGA1UEBhMCR0Ix # EzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEw # MC4GA1UEAxMnU2VjdGlnbyBQdWJsaWMgVGltZSBTdGFtcGluZyBTaWduZXIgUjM1 # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjdFn9MFIm739OEk6TWGB # m8PY3EWlYQQ2jQae45iWgPXUGVuYoIa1xjTGIyuw3suUSBzKiyG0/c/Yn++d5mG6 # IyayljuGT9DeXQU9k8GWWj2/BPoamg2fFctnPsdTYhMGxM06z1+Ft0Bav8ybww21 # ii/faiy+NhiUM195+cFqOtCpJXxZ/lm9tpjmVmEqpAlRpfGmLhNdkqiEuDFTuD1G # sV3jvuPuPGKUJTam3P53U4LM0UCxeDI8Qz40Qw9TPar6S02XExlc8X1YsiE6ETcT # z+g1ImQ1OqFwEaxsMj/WoJT18GG5KiNnS7n/X4iMwboAg3IjpcvEzw4AZCZowHyC # zYhnFRM4PuNMVHYcTXGgvuq9I7j4ke281x4e7/90Z5Wbk92RrLcS35hO30TABcGx # 3Q8+YLRy6o0k1w4jRefCMT7b5mTxtq5XPmKvtgfPuaWPkGZ/tbxInyNDA7YgOgcc # ULjp4+D56g2iuzRCsLQ9ac6AN4yRbqCYsG2rcIQ5INTyI2JzA2w1vsAHPRbUTeqV # LDuNOY2gYIoKBWQsPYVoyzaoBVU6O5TG+a1YyfWkgVVS9nXKs8hVti3VpOV3aeua # HnjgC6He2CCDL9aW6gteUe0AmC8XCtWwpePx6QW3ROZo8vSUe9AR7mMdu5+FzTmW # 8K13Bt8GX/YBFJO7LWzwKAUCAwEAAaOCAY4wggGKMB8GA1UdIwQYMBaAFF9Y7Uwx # eqJhQo1SgLqzYZcZojKbMB0GA1UdDgQWBBRo76QySWm2Ujgd6kM5LPQUap4MhTAO # BgNVHQ8BAf8EBAMCBsAwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEF # BQcDCDBKBgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDCDAlMCMGCCsGAQUFBwIBFhdo # dHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBBAIwSgYDVR0fBEMwQTA/oD2g # O4Y5aHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1w # aW5nQ0FSMzYuY3JsMHoGCCsGAQUFBwEBBG4wbDBFBggrBgEFBQcwAoY5aHR0cDov # L2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1waW5nQ0FSMzYu # Y3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG # 9w0BAQwFAAOCAYEAsNwuyfpPNkyKL/bJT9XvGE8fnw7Gv/4SetmOkjK9hPPa7/Ns # v5/MHuVus+aXwRFqM5Vu51qfrHTwnVExcP2EHKr7IR+m/Ub7PamaeWfle5x8D0x/ # MsysICs00xtSNVxFywCvXx55l6Wg3lXiPCui8N4s51mXS0Ht85fkXo3auZdo1O4l # HzJLYX4RZovlVWD5EfwV6Ve1G9UMslnm6pI0hyR0Zr95QWG0MpNPP0u05SHjq/Yk # PlDee3yYOECNMqnZ+j8onoUtZ0oC8CkbOOk/AOoV4kp/6Ql2gEp3bNC7DOTlaCmH # 24DjpVgryn8FMklqEoK4Z3IoUgV8R9qQLg1dr6/BjghGnj2XNA8ujta2Jyoxpqpv # yETZCYIUjIs69YiDjzftt37rQVwIZsfCYv+DU5sh/StFL1x4rgNj2t8GccUfa/V3 # iFFW9lfIJWWsvtlC5XOOOQswr1UmVdNWQem4LwrlLgcdO/YAnHqY52QwnBLiAuUn # uBeshWmfEb5oieIYMIIGFDCCA/ygAwIBAgIQeiOu2lNplg+RyD5c9MfjPzANBgkq # hkiG9w0BAQwFADBXMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1p # dGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFJvb3Qg # UjQ2MB4XDTIxMDMyMjAwMDAwMFoXDTM2MDMyMTIzNTk1OVowVTELMAkGA1UEBhMC # R0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEsMCoGA1UEAxMjU2VjdGlnbyBQ # dWJsaWMgVGltZSBTdGFtcGluZyBDQSBSMzYwggGiMA0GCSqGSIb3DQEBAQUAA4IB # jwAwggGKAoIBgQDNmNhDQatugivs9jN+JjTkiYzT7yISgFQ+7yavjA6Bg+OiIjPm # /N/t3nC7wYUrUlY3mFyI32t2o6Ft3EtxJXCc5MmZQZ8AxCbh5c6WzeJDB9qkQVa4 # 6xiYEpc81KnBkAWgsaXnLURoYZzksHIzzCNxtIXnb9njZholGw9djnjkTdAA83ab # EOHQ4ujOGIaBhPXG2NdV8TNgFWZ9BojlAvflxNMCOwkCnzlH4oCw5+4v1nssWeN1 # y4+RlaOywwRMUi54fr2vFsU5QPrgb6tSjvEUh1EC4M29YGy/SIYM8ZpHadmVjbi3 # Pl8hJiTWw9jiCKv31pcAaeijS9fc6R7DgyyLIGflmdQMwrNRxCulVq8ZpysiSYNi # 79tw5RHWZUEhnRfs/hsp/fwkXsynu1jcsUX+HuG8FLa2BNheUPtOcgw+vHJcJ8Hn # JCrcUWhdFczf8O+pDiyGhVYX+bDDP3GhGS7TmKmGnbZ9N+MpEhWmbiAVPbgkqykS # kzyYVr15OApZYK8CAwEAAaOCAVwwggFYMB8GA1UdIwQYMBaAFPZ3at0//QET/xah # bIICL9AKPRQlMB0GA1UdDgQWBBRfWO1MMXqiYUKNUoC6s2GXGaIymzAOBgNVHQ8B # Af8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcD # CDARBgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2Ny # bC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1waW5nUm9vdFI0Ni5j # cmwwfAYIKwYBBQUHAQEEcDBuMEcGCCsGAQUFBzAChjtodHRwOi8vY3J0LnNlY3Rp # Z28uY29tL1NlY3RpZ29QdWJsaWNUaW1lU3RhbXBpbmdSb290UjQ2LnA3YzAjBggr # BgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQAD # ggIBABLXeyCtDjVYDJ6BHSVY/UwtZ3Svx2ImIfZVVGnGoUaGdltoX4hDskBMZx5N # Y5L6SCcwDMZhHOmbyMhyOVJDwm1yrKYqGDHWzpwVkFJ+996jKKAXyIIaUf5JVKjc # cev3w16mNIUlNTkpJEor7edVJZiRJVCAmWAaHcw9zP0hY3gj+fWp8MbOocI9Zn78 # xvm9XKGBp6rEs9sEiq/pwzvg2/KjXE2yWUQIkms6+yslCRqNXPjEnBnxuUB1fm6b # PAV+Tsr/Qrd+mOCJemo06ldon4pJFbQd0TQVIMLv5koklInHvyaf6vATJP4DfPtK # zSBPkKlOtyaFTAjD2Nu+di5hErEVVaMqSVbfPzd6kNXOhYm23EWm6N2s2ZHCHVhl # UgHaC4ACMRCgXjYfQEDtYEK54dUwPJXV7icz0rgCzs9VI29DwsjVZFpO4ZIVR33L # wXyPDbYFkLqYmgHjR3tKVkhh9qKV2WCmBuC27pIOx6TYvyqiYbntinmpOqh/QPAn # hDgexKG9GX/n1PggkGi9HCapZp8fRwg8RftwS21Ln61euBG0yONM6noD2XQPrFwp # m3GcuqJMf0o8LLrFkSLRQNwxPDDkWXhW+gZswbaiie5fd/W2ygcto78XCSPfFWve # UOSZ5SqK95tBO8aTHmEa4lpJVD7HrTEn9jb1EGvxOb1cnn0CMIIGgjCCBGqgAwIB # AgIQNsKwvXwbOuejs902y8l1aDANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4w # HAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVz # dCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjEwMzIyMDAwMDAwWhcN # MzgwMTE4MjM1OTU5WjBXMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBM # aW1pdGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFJv # b3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAiJ3YuUVnnR3d # 6LkmgZpUVMB8SQWbzFoVD9mUEES0QUCBdxSZqdTkdizICFNeINCSJS+lV1ipnW5i # hkQyC0cRLWXUJzodqpnMRs46npiJPHrfLBOifjfhpdXJ2aHHsPHggGsCi7uE0awq # KggE/LkYw3sqaBia67h/3awoqNvGqiFRJ+OTWYmUCO2GAXsePHi+/JUNAax3kpqs # tbl3vcTdOGhtKShvZIvjwulRH87rbukNyHGWX5tNK/WABKf+Gnoi4cmisS7oSimg # HUI0Wn/4elNd40BFdSZ1EwpuddZ+Wr7+Dfo0lcHflm/FDDrOJ3rWqauUP8hsokDo # I7D/yUVI9DAE/WK3Jl3C4LKwIpn1mNzMyptRwsXKrop06m7NUNHdlTDEMovXAIDG # AvYynPt5lutv8lZeI5w3MOlCybAZDpK3Dy1MKo+6aEtE9vtiTMzz/o2dYfdP0KWZ # wZIXbYsTIlg1YIetCpi5s14qiXOpRsKqFKqav9R1R5vj3NgevsAsvxsAnI8Oa5s2 # oy25qhsoBIGo/zi6GpxFj+mOdh35Xn91y72J4RGOJEoqzEIbW3q0b2iPuWLA911c # RxgY5SJYubvjay3nSMbBPPFsyl6mY4/WYucmyS9lo3l7jk27MAe145GWxK4O3m3g # EFEIkv7kRmefDR7Oe2T1HxAnICQvr9sCAwEAAaOCARYwggESMB8GA1UdIwQYMBaA # FFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBT2d2rdP/0BE/8WoWyCAi/Q # Cj0UJTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUEDDAK # BggrBgEFBQcDCDARBgNVHSAECjAIMAYGBFUdIAAwUAYDVR0fBEkwRzBFoEOgQYY/ # aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUNlcnRpZmljYXRp # b25BdXRob3JpdHkuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0 # cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEADr5lQe1o # RLjlocXUEYfktzsljOt+2sgXke3Y8UPEooU5y39rAARaAdAxUeiX1ktLJ3+lgxto # LQhn5cFb3GF2SSZRX8ptQ6IvuD3wz/LNHKpQ5nX8hjsDLRhsyeIiJsms9yAWnvdY # OdEMq1W61KE9JlBkB20XBee6JaXx4UBErc+YuoSb1SxVf7nkNtUjPfcxuFtrQdRM # Ri/fInV/AobE8Gw/8yBMQKKaHt5eia8ybT8Y/Ffa6HAJyz9gvEOcF1VWXG8OMeM7 # Vy7Bs6mSIkYeYtddU1ux1dQLbEGur18ut97wgGwDiGinCwKPyFO7ApcmVJOtlw9F # VJxw/mL1TbyBns4zOgkaXFnnfzg4qbSvnrwyj1NiurMp4pmAWjR+Pb/SIduPnmFz # bSN/G8reZCL4fvGlvPFk4Uab/JVCSmj59+/mB2Gn6G/UYOy8k60mKcmaAZsEVkhO # Fuoj4we8CYyaR9vd9PGZKSinaZIkvVjbH/3nlLb0a7SBIkiRzfPfS9T+JesylbHa # 1LtRV9U/7m0q7Ma2CQ/t392ioOssXW7oKLdOmMBl14suVFBmbzrt5V5cQPnwtd3U # OTpS9oCG+ZZheiIvPgkDmA8FzPsnfXW5qHELB43ET7HHFHeRPRYrMBKjkb8/IN7P # o0d0hQoF4TeMM+zYAJzoKQnVKOLg8pZVPT8xggSRMIIEjQIBATBpMFUxCzAJBgNV # BAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3Rp # Z28gUHVibGljIFRpbWUgU3RhbXBpbmcgQ0EgUjM2AhA6UmoshM5V5h1l/MwS2OmJ # MA0GCWCGSAFlAwQCAgUAoIIB+TAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQw # HAYJKoZIhvcNAQkFMQ8XDTI1MDEyNzE5MDI0NlowPwYJKoZIhvcNAQkEMTIEME8L # f+xOQM0dMM3Gsqj48w5cjSbQpn9zB758rLExNsbBTCkrWzzbqSpxuHAQITTf1TCC # AXoGCyqGSIb3DQEJEAIMMYIBaTCCAWUwggFhMBYEFPhgmBmm+4gs9+hSl/KhGVIa # FndfMIGHBBTGrlTkeIbxfD1VEkiMacNKevnC3TBvMFukWTBXMQswCQYDVQQGEwJH # QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1 # YmxpYyBUaW1lIFN0YW1waW5nIFJvb3QgUjQ2AhB6I67aU2mWD5HIPlz0x+M/MIG8 # BBSFPWMtk4KCYXzQkDXEkd6SwULaxzCBozCBjqSBizCBiDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYD # VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBS # U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEDbCsL18Gzrno7PdNsvJdWgwDQYJ # KoZIhvcNAQEBBQAEggIAZek78kw1MNemmx6+yV8FysuQMeE38hu4oHNRBBtXk+h8 # mp9sKWIpN5rzUU4BVMzz/QLQyAPSja2yTSivBF6R8mfseary518l7P0COaxjRQi1 # 2dIErknUFGsQMXdhbmLS2sA26Gghkdo5ikPCePEdzen4EdAs5BEQUvIPGWai38H2 # 7qETGDxSmv9GAfXJPQ13lmqTkn+/6soYDr2feiKZkgq45bovVttOhx86M1r38H0I # bR1QpAeoSLu/YB8KFKsYbl+gBV70e7WQwrBC8S4J/njvj7I8ZX6jvBP7za9e9cAa # hzriuHxOKtSwRMztGAf66YeydyISOl/gC+yG/1KWzODVZ1IOoxhY/ei8CMcOj6V0 # U3/a820M64JdXoyYR0hh4Fq/d31hdF5jKea0JhtLf6sqn6pNeQoEpHrtZ9hG5W0h # hh+OLbmhbebA2TQEOyyVkUadrEX+UeCZ3ZquAzIJZzpJPWnyFp7oc8qqk//VYJZs # uvqnNXdP6kbJ+vU4tqvd7ORjX/pBlnG2IRYlOzYRFELtqQY7aiYGFkjJ4NBiXiCz # NK7kzZhYKqI/dfukbwGMcUvD/AYo08YVdET4KM/4S2agvhIrkAMk6dO3OiNjIxK9 # cHfoh672lips4w+4JOqumnQU5c1nwf32uEwq4Wch6akqnFqyNMg+q4Q5Z8OcrJQ= # SIG # End signature block