# Copyright (C) 2021 Intel Corporation function Invoke-GenerateCSR { <# .Synopsis Generates a certificate signing request based on a key from the key store. .Description This cmdlet generates a certificate signing request based on a key from the key store. .Notes AMT Provisioning: The vPro client AMT firmware must be provisioned prior to accessing AMT functionality. This CMDLet will fail if it is run against a vPro client that has not been provisioned. AMT Client Authentication: To invoke commands against AMT enabled clients credentials to authenticate must be specified. When no credential is provided as a parameter, the script will use the local logged on Kerberos credential. When only the username (Kerberos or Digest) parameter is included the user will be prompted to provide the associated password. Credentials should be stored as a PowerShell variable then passed into the Cmdlet with the credential parameter. $AMTCredential = get-credential AMT Client Encryption: If the Intel vPro client has been configured to use TLS (a web server certificate has been issued to the Intel Management Engine) the Cmdlet must be called with a -TLS switch. When managing an Intel vPro client over TLS (Port 16993) it is important that the computername parameter matchs the primary subject name of the issued TLS certificate. Typically this is the fully qualified domain name (FQDN). If Mutual TLS is desired, the Cmdlet must be called with -TLS switch and with a valid certificate name from the certificate store in the -CertificateName parameter. Status: Status output designates if the Cmdlet was run successfully. For failed attempts additional status may be provided. .Link http:\\vproexpert.com http:\\www.intel.com\vpro http:\\www.intel.com .Example Invoke-GenerateCSR -ComputerName 192.168.168.10 -Username admin -Password Admin!98 -SigningAlgorithm SHA1-RSA -NullSignedRequestPath "newreq1.pem" Certificate Signing Request generated successfully! #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, position = 0,HelpMessage = "Hostname, FQDN, or IP Address")] [String[]] $ComputerName, [Parameter(Mandatory = $false, position = 1,HelpMessage = "Digest User")] [string] $Username, [Parameter(Mandatory = $false, position = 2,HelpMessage = "Digest Password")] [string] $Password, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true, ValueFromPipeline=$false, position=3, HelpMessage="Valid Ports are 16992 (non-TLS) or 16993 (TLS)")][ValidateSet("16992", "16993")] [String] $Port, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=4, HelpMessage="Use TLS (Port 16993)")] [switch] $TLS, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Accept self-signed certificate for TLS connection (skip any certificate checks.)")] [switch] $AcceptSelfSignedCert, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=5, HelpMessage="Name of certificate. (Use for mutual TLS)")] [string] $CertificateName, [Parameter(Mandatory = $true, position = 7,HelpMessage = "Valid Signing Algotirhms are: SHA1-RSA, and SHA256-RSA")][ValidateSet("SHA1-RSA", "SHA256-RSA")] [string] $SigningAlgorithm, [Parameter(Mandatory = $false, position = 8,HelpMessage = "Path to a null signed certificate request file")] [string] $NullSignedRequestPath ) PROCESS { function GetNullRequestBlob { $readFile = [System.IO.File]::OpenText($NullSignedRequestPath ) # These are the certificate request opening and closing tags we use for this PS script, user can add more types $BEGIN = "-----BEGIN CERTIFICATE REQUEST-----" $END = "-----END CERTIFICATE REQUEST-----" [bool]$read = $false While(!$readFile.EndOfStream) { $line = $readFile.ReadLine() IF($line -match $BEGIN) { $read = $true $requestBlob = $null While($read -and !$readFile.EndOfStream) { $line = $readFile.ReadLine() IF($line -notmatch $END) { $requestBlob += $line } ELSE { $read = $false } } } } $readFile.Close() if($read -or !$requestBlob) # Incorrect or missing closing tag { throw "Incorrect file content`n" return } return $requestBlob } $Results = @() $Results += "`n" try { # Create a connection object $wsmanConnectionObject = New-Object Intel.Management.Wsman.WsmanConnection if ($Credential.username.Length -gt 0) { $wsmanConnectionObject.SetCredentials($Credential.Username, $Credential.Password) } elseif ($Username.length -gt 0) { if ($Password.length -gt 0) { $wsmanConnectionObject.SetCredentials($Username, $Password) } else { $Cred = Get-Credential $Username $wsmanConnectionObject.SetCredentials($Cred.Username, $Cred.Password) } } if ($Port -ne "16993") { if ($TLS.IsPresent) { $Port = 16993; } else { $Port = 16992; } } if($CertificateName.Length -gt 0) { $wsmanConnectionObject.Options.SetClientCertificateByCertificateName($CertificateName) } if($AcceptSelfSignedCert.IsPresent) { $wsmanConnectionObject.Options.AcceptSelfSignedCertificate=$true; } ForEach ($Comp in $ComputerName) { # Attempt Connection with Client $wsmanConnectionObject.SetHost($Comp, $Port) if( -not $wsmanConnectionObject) { $Results += "Cannot connenct `n" } # Get Null signed request content $nullSigningRequest = GetNullRequestBlob # Defining Signing Algorithm switch($SigningAlgorithm) { "SHA1-RSA" { $SigningAlgorithmProperty = "0" break } "SHA256-RSA" { $SigningAlgorithmProperty = "1" break } } $success = $false $PublicPrivateKeyPairRef_Enum = $wsmanConnectionObject.NewReference("AMT_PublicPrivateKeyPair").Enumerate() foreach ($KeyPairInstance in $PublicPrivateKeyPairRef_Enum) { # Generate CSR using GeneratePKCS10RequestEx method $publicKeyManagementServiceRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_PublicKeyManagementService WHERE Name='Intel(r) AMT Public Key Management Service'") $inputObject = $publicKeyManagementServiceRef.CreateMethodInput("GeneratePKCS10RequestEx") $inputObject.SetProperty("KeyPair", $KeyPairInstance.Object.ToReference("InstanceID")) $inputObject.SetProperty("SigningAlgorithm", $SigningAlgorithmProperty) $inputObject.SetProperty("NullSignedCertificateRequest", $nullSigningRequest) $outputObject = $publicKeyManagementServiceRef.InvokeMethod($inputObject) $returnValue = $outputObject.GetProperty("ReturnValue") if($returnValue -like "0") { # The signed certificate request is needed later on in the flow. # Please note that this signed certificate request data is sensitive and should be kept secret, so pay attention to properly protect it in your implementation. # $signedCertificateRequest = $outputObject.GetProperty("SignedCertificateRequest") $Results += "Certificate Signing Request generated successfully! `n" $success = $true break } } if(-not $success) { $Results += "Generate CSR - Failed." $Results += "ErrorCode: $returnValue" if($returnValue -like "36") { $Results += "Reason: Invalid Parameter." } } } } catch { $Results += "Exception Thrown:" $Results += $_.Exception.Message } # Set back to false for the next cmdlet, if PS is still open $wsmanConnectionObject.Options.AcceptSelfSignedCertificate=$false; Write-Output $Results } } # SIG # Begin signature block # MIItjAYJKoZIhvcNAQcCoIItfTCCLXkCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBhLRBR7wd869MS # k47Ie5st3lUceYxTOyjUpiajAxlkUaCCEX4wggVvMIIEV6ADAgECAhBI/JO0YFWU # jTanyYqJ1pQWMA0GCSqGSIb3DQEBDAUAMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQI # DBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoM # EUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDDBhBQUEgQ2VydGlmaWNhdGUgU2Vy # dmljZXMwHhcNMjEwNTI1MDAwMDAwWhcNMjgxMjMxMjM1OTU5WjBWMQswCQYDVQQG # EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdv # IFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQCN55QSIgQkdC7/FiMCkoq2rjaFrEfUI5ErPtx94jGgUW+s # hJHjUoq14pbe0IdjJImK/+8Skzt9u7aKvb0Ffyeba2XTpQxpsbxJOZrxbW6q5KCD # J9qaDStQ6Utbs7hkNqR+Sj2pcaths3OzPAsM79szV+W+NDfjlxtd/R8SPYIDdub7 # P2bSlDFp+m2zNKzBenjcklDyZMeqLQSrw2rq4C+np9xu1+j/2iGrQL+57g2extme # me/G3h+pDHazJyCh1rr9gOcB0u/rgimVcI3/uxXP/tEPNqIuTzKQdEZrRzUTdwUz # T2MuuC3hv2WnBGsY2HH6zAjybYmZELGt2z4s5KoYsMYHAXVn3m3pY2MeNn9pib6q # RT5uWl+PoVvLnTCGMOgDs0DGDQ84zWeoU4j6uDBl+m/H5x2xg3RpPqzEaDux5mcz # mrYI4IAFSEDu9oJkRqj1c7AGlfJsZZ+/VVscnFcax3hGfHCqlBuCF6yH6bbJDoEc # QNYWFyn8XJwYK+pF9e+91WdPKF4F7pBMeufG9ND8+s0+MkYTIDaKBOq3qgdGnA2T # OglmmVhcKaO5DKYwODzQRjY1fJy67sPV+Qp2+n4FG0DKkjXp1XrRtX8ArqmQqsV/ # AZwQsRb8zG4Y3G9i/qZQp7h7uJ0VP/4gDHXIIloTlRmQAOka1cKG8eOO7F/05QID # AQABo4IBEjCCAQ4wHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYD # VR0OBBYEFDLrkpr/NZZILyhAQnAgNpFcF4XmMA4GA1UdDwEB/wQEAwIBhjAPBgNV # HRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMDMBsGA1UdIAQUMBIwBgYE # VR0gADAIBgZngQwBBAEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21v # ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEE # KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZI # hvcNAQEMBQADggEBABK/oe+LdJqYRLhpRrWrJAoMpIpnuDqBv0WKfVIHqI0fTiGF # OaNrXi0ghr8QuK55O1PNtPvYRL4G2VxjZ9RAFodEhnIq1jIV9RKDwvnhXRFAZ/ZC # J3LFI+ICOBpMIOLbAffNRk8monxmwFE2tokCVMf8WPtsAO7+mKYulaEMUykfb9gZ # pk+e96wJ6l2CxouvgKe9gUhShDHaMuwV5KZMPWw5c9QLhTkg4IUaaOGnSDip0TYl # d8GNGRbFiExmfS9jzpjoad+sPKhdnckcW67Y8y90z7h+9teDnRGWYpquRRPaf9xH # +9/DUp/mBlXpnYzyOmJRvOwkDynUWICE5EV7WtgwggXpMIIEUaADAgECAhEA/lzU # lQGKZRek0E74e2uTOjANBgkqhkiG9w0BAQwFADBUMQswCQYDVQQGEwJHQjEYMBYG # A1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBD # b2RlIFNpZ25pbmcgQ0EgUjM2MB4XDTI0MDMxMzAwMDAwMFoXDTI1MDMxMzIzNTk1 # OVowWjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGjAYBgNVBAoM # EUludGVsIENvcnBvcmF0aW9uMRowGAYDVQQDDBFJbnRlbCBDb3Jwb3JhdGlvbjCC # AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAI69Cz15squYBdM5ZXnjFBNn # vqzI4WUgaQ/PjBKog2t/IkSByXK+3K1m4CwQtTgqpMCD193E3A/xDHmWVEvpCKUB # +xc8c/8FE6TymrIKA/0UH7jVesLgCo0AxfM0dkcqrvLKvnchseekdaM2b+E41NSj # AhhWgGp1LoTZyrAOJNpGsPIfgA/0+J6RCECh9BARbXCRXAnzTuPtWDXfKlOwSa4+ # o2tJM7TPNALTJSLHoZbvfUOpgOh+0lWx49himoW6lfDt5cZDPOT8wNwpd5DWwB8M # hzLfNEpbvR/85s8SP/dWRrAVkSRxS1wqIZa9OsxD+rjBBIe8JDR1Y9hjGBUKybMA # Y30Pp8rDpFeH1Ya1A8gNeae8KRSlacroyoxhRviL9n8nCZIhiqL6Q0Qu9cJGwlYi # L9mAMRyVPI3BHf0s6r6BRqt8yBYP/2dsgc4z9YV9DGJUaKz2kjwud1OJZupFDZio # +shzbO/h78iJSQiMVHgMVFEVOZFERE3dVSEFsWdPAwIDAQABo4IBrjCCAaowHwYD # VR0jBBgwFoAUDyrLIIcouOxvSK4rVKYpqhekzQwwHQYDVR0OBBYEFCjtPWp/OnUU # 51aXAiBwcQ/gvYfGMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMCMCUwIwYI # KwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEATBJBgNV # HR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJs # aWNDb2RlU2lnbmluZ0NBUjM2LmNybDB5BggrBgEFBQcBAQRtMGswRAYIKwYBBQUH # MAKGOGh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWdu # aW5nQ0FSMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNv # bTAjBgNVHREEHDAagRhwa2llbmdpbmVlcmluZ0BpbnRlbC5jb20wDQYJKoZIhvcN # AQEMBQADggGBAB01WGV1cWjtTCQGkNtDRpmS08NuUis1F2+0cwIrk2dY8tXKiZ5R # supkBKWfpjNSHdW79DvVCotBbyRYUdDSeFkQ8jRPm+vlzyFhRWuW4qSYcIlx6qia # pGZEFsvmEEXMnwG9zEEeKsYlnM/ZSI23uLZCXyhJx35G2PpBr3tMym6gIvta5Dml # 4S/XEJJI/ZvIKhPO5QUemCS07S9QN7SOKeEkk1LdV1ccCBNtRpAzmGVr4iYS4pbV # r8yishYe25TSAPeWEy9PYEMnjZbQQS8lD8XFB6gfiTJLFCCzIKsHzMIk+FuJlwVl # q4ec/Wrx0+fpVeo2SPJZI/iE82gtD5oywotprC47MdvVlcvbePYnHoJqqRtnhX+E # 6jlGRtnhUCPV+BsRScp4v8DIUJGdV5AzS5rYu3YhJGDJgTgPGvBtmvaPeJtxcKzX # UnMpPtanuJgW3o1ucSo9SKb9dNqFcLcOUVD2lDjh85Z0anJom924xhVm4cGNWSF7 # az8cVA6zH/Rc6DCCBhowggQCoAMCAQICEGIdbQxSAZ47kHkVIIkhHAowDQYJKoZI # hvcNAQEMBQAwVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRl # ZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIFJvb3QgUjQ2 # MB4XDTIxMDMyMjAwMDAwMFoXDTM2MDMyMTIzNTk1OVowVDELMAkGA1UEBhMCR0Ix # GDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDErMCkGA1UEAxMiU2VjdGlnbyBQdWJs # aWMgQ29kZSBTaWduaW5nIENBIFIzNjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC # AYoCggGBAJsrnVP6NT+OYAZDasDP9X/2yFNTGMjO02x+/FgHlRd5ZTMLER4ARkZs # Q3hAyAKwktlQqFZOGP/I+rLSJJmFeRno+DYDY1UOAWKA4xjMHY4qF2p9YZWhhbeF # pPb09JNqFiTCYy/Rv/zedt4QJuIxeFI61tqb7/foXT1/LW2wHyN79FXSYiTxcv+1 # 8Irpw+5gcTbXnDOsrSHVJYdPE9s+5iRF2Q/TlnCZGZOcA7n9qudjzeN43OE/TpKF # 2dGq1mVXn37zK/4oiETkgsyqA5lgAQ0c1f1IkOb6rGnhWqkHcxX+HnfKXjVodTmm # V52L2UIFsf0l4iQ0UgKJUc2RGarhOnG3B++OxR53LPys3J9AnL9o6zlviz5pzsgf # rQH4lrtNUz4Qq/Va5MbBwuahTcWk4UxuY+PynPjgw9nV/35gRAhC3L81B3/bIaBb # 659+Vxn9kT2jUztrkmep/aLb+4xJbKZHyvahAEx2XKHafkeKtjiMqcUf/2BG935A # 591GsllvWwIDAQABo4IBZDCCAWAwHwYDVR0jBBgwFoAUMuuSmv81lkgvKEBCcCA2 # kVwXheYwHQYDVR0OBBYEFA8qyyCHKLjsb0iuK1SmKaoXpM0MMA4GA1UdDwEB/wQE # AwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMBsG # A1UdIAQUMBIwBgYEVR0gADAIBgZngQwBBAEwSwYDVR0fBEQwQjBAoD6gPIY6aHR0 # cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdSb290 # UjQ2LmNybDB7BggrBgEFBQcBAQRvMG0wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jcnQu # c2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdFI0Ni5wN2Mw # IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEB # DAUAA4ICAQAG/4Lhd2M2bnuhFSCbE/8E/ph1RGHDVpVx0ZE/haHrQECxyNbgcv2F # ymQ5PPmNS6Dah66dtgCjBsULYAor5wxxcgEPRl05pZOzI3IEGwwsepp+8iGsLKaV # pL3z5CmgELIqmk/Q5zFgR1TSGmxqoEEhk60FqONzDn7D8p4W89h8sX+V1imaUb69 # 3TGqWp3T32IKGfIgy9jkd7GM7YCa2xulWfQ6E1xZtYNEX/ewGnp9ZeHPsNwwviJM # BZL4xVd40uPWUnOJUoSiugaz0yWLODRtQxs5qU6E58KKmfHwJotl5WZ7nIQuDT0m # WjwEx7zSM7fs9Tx6N+Q/3+49qTtUvAQsrEAxwmzOTJ6Jp6uWmHCgrHW4dHM3ITpv # G5Ipy62KyqYovk5O6cC+040Si15KJpuQ9VJnbPvqYqfMB9nEKX/d2rd1Q3DiuDex # MKCCQdJGpOqUsxLuCOuFOoGbO7Uv3RjUpY39jkkp0a+yls6tN85fJe+Y8voTnbPU # 1knpy24wUFBkfenBa+pRFHwCBB1QtS+vGNRhsceP3kSPNrrfN2sRzFYsNfrFaWz8 # YOdU254qNZQfd9O/VjxZ2Gjr3xgANHtM3HxfzPYF6/pKK8EE4dj66qKKtm2DTL1K # FCg/OYJyfrdLJq1q2/HXntgr2GVw+ZWhrWgMTn8v1SjZsLlrgIfZHDGCG2Qwghtg # AgEBMGkwVDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEr # MCkGA1UEAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNgIRAP5c # 1JUBimUXpNBO+HtrkzowDQYJYIZIAWUDBAIBBQCgfDAQBgorBgEEAYI3AgEMMQIw # ADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYK # KwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg2Ks9IlN+ZBBMqAfkAcPP6MgKPrj0 # 1FGJalVMIg5POjwwDQYJKoZIhvcNAQEBBQAEggGAAsvUsINXKcUO1A92tvQay3uX # f+QHE4yQINqPfC4aOVqJapaivsYSQw3Vzwjz69dWZTA5hci60GSFCFQf0NpEbV1q # WPup3JJk/nVmVedjPRXlWDVrfW4BPa78dV83rFVBeauGxKd7qX0oEleGsnmFVLkQ # 5PTwKzK/R5x6glPF60VYIbDd59o15ykOT3R1hY3WXowYZLHRSbQUShkAKul1AeBd # UZt8nH6Q+olbT08KwkRgrXqmMEO/n4g4E8qVKL2LKwU+5qr3HUyqalHR2hRtlr6L # 4EvccfSGemH6N+dguOO9yb9UL+flKe1E7uB1tGvN5+Ap2eeu+5lcjJmU0vGuY4Qc # MBTGna3Ym7J6ZpMx3A3V7fdh9wdthn8nMvXcL5/mn6vHfeMsLg2ML1A6+c+3HvPN # 0qhmVR+az1t3ofYN0j7gwBdqjIR0NG85X0Et9/FlZ154cab5MS1ZVKDQmaNVaex4 # fsi+Wo796aITBsBd7+ZTK8d5euLf8h5bAkApvZJtoYIYzjCCGMoGCisGAQQBgjcD # AwExghi6MIIYtgYJKoZIhvcNAQcCoIIYpzCCGKMCAQMxDzANBglghkgBZQMEAgIF # ADCB9AYLKoZIhvcNAQkQAQSggeQEgeEwgd4CAQEGCisGAQQBsjECAQEwMTANBglg # hkgBZQMEAgEFAAQgrNVuTYko0opHWhy8JrdPImqKNplq67LJv8kVBXNTXAsCFQC0 # HdEoZSacnJspla/XBXfz+l7udxgPMjAyNTAxMjcxOTAyNTRaoHKkcDBuMQswCQYD # VQQGEwJHQjETMBEGA1UECBMKTWFuY2hlc3RlcjEYMBYGA1UEChMPU2VjdGlnbyBM # aW1pdGVkMTAwLgYDVQQDEydTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFNp # Z25lciBSMzWgghL/MIIGXTCCBMWgAwIBAgIQOlJqLITOVeYdZfzMEtjpiTANBgkq # hkiG9w0BAQwFADBVMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1p # dGVkMSwwKgYDVQQDEyNTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIENBIFIz # NjAeFw0yNDAxMTUwMDAwMDBaFw0zNTA0MTQyMzU5NTlaMG4xCzAJBgNVBAYTAkdC # MRMwEQYDVQQIEwpNYW5jaGVzdGVyMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQx # MDAuBgNVBAMTJ1NlY3RpZ28gUHVibGljIFRpbWUgU3RhbXBpbmcgU2lnbmVyIFIz # NTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI3RZ/TBSJu9/ThJOk1h # gZvD2NxFpWEENo0GnuOYloD11BlbmKCGtcY0xiMrsN7LlEgcyoshtP3P2J/vneZh # uiMmspY7hk/Q3l0FPZPBllo9vwT6GpoNnxXLZz7HU2ITBsTNOs9fhbdAWr/Mm8MN # tYov32osvjYYlDNfefnBajrQqSV8Wf5ZvbaY5lZhKqQJUaXxpi4TXZKohLgxU7g9 # RrFd477j7jxilCU2ptz+d1OCzNFAsXgyPEM+NEMPUz2q+ktNlxMZXPF9WLIhOhE3 # E8/oNSJkNTqhcBGsbDI/1qCU9fBhuSojZ0u5/1+IjMG6AINyI6XLxM8OAGQmaMB8 # gs2IZxUTOD7jTFR2HE1xoL7qvSO4+JHtvNceHu//dGeVm5Pdkay3Et+YTt9EwAXB # sd0PPmC0cuqNJNcOI0XnwjE+2+Zk8bauVz5ir7YHz7mlj5Bmf7W8SJ8jQwO2IDoH # HFC46ePg+eoNors0QrC0PWnOgDeMkW6gmLBtq3CEOSDU8iNicwNsNb7ABz0W1E3q # lSw7jTmNoGCKCgVkLD2FaMs2qAVVOjuUxvmtWMn1pIFVUvZ1yrPIVbYt1aTld2nr # mh544Auh3tgggy/WluoLXlHtAJgvFwrVsKXj8ekFt0TmaPL0lHvQEe5jHbufhc05 # lvCtdwbfBl/2ARSTuy1s8CgFAgMBAAGjggGOMIIBijAfBgNVHSMEGDAWgBRfWO1M # MXqiYUKNUoC6s2GXGaIymzAdBgNVHQ4EFgQUaO+kMklptlI4HepDOSz0FGqeDIUw # DgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYB # BQUHAwgwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwgwJTAjBggrBgEFBQcCARYX # aHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQCMEoGA1UdHwRDMEEwP6A9 # oDuGOWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1RpbWVTdGFt # cGluZ0NBUjM2LmNybDB6BggrBgEFBQcBAQRuMGwwRQYIKwYBBQUHMAKGOWh0dHA6 # Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1RpbWVTdGFtcGluZ0NBUjM2 # LmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZI # hvcNAQEMBQADggGBALDcLsn6TzZMii/2yU/V7xhPH58Oxr/+EnrZjpIyvYTz2u/z # bL+fzB7lbrPml8ERajOVbudan6x08J1RMXD9hByq+yEfpv1G+z2pmnln5XucfA9M # fzLMrCArNNMbUjVcRcsAr18eeZeloN5V4jwrovDeLOdZl0tB7fOX5F6N2rmXaNTu # JR8yS2F+EWaL5VVg+RH8FelXtRvVDLJZ5uqSNIckdGa/eUFhtDKTTz9LtOUh46v2 # JD5Q3nt8mDhAjTKp2fo/KJ6FLWdKAvApGzjpPwDqFeJKf+kJdoBKd2zQuwzk5Wgp # h9uA46VYK8p/BTJJahKCuGdyKFIFfEfakC4NXa+vwY4IRp49lzQPLo7WticqMaaq # b8hE2QmCFIyLOvWIg4837bd+60FcCGbHwmL/g1ObIf0rRS9ceK4DY9rfBnHFH2v1 # d4hRVvZXyCVlrL7ZQuVzjjkLMK9VJlXTVkHpuC8K5S4HHTv2AJx6mOdkMJwS4gLl # J7gXrIVpnxG+aIniGDCCBhQwggP8oAMCAQICEHojrtpTaZYPkcg+XPTH4z8wDQYJ # KoZIhvcNAQEMBQAwVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGlt # aXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgVGltZSBTdGFtcGluZyBSb290 # IFI0NjAeFw0yMTAzMjIwMDAwMDBaFw0zNjAzMjEyMzU5NTlaMFUxCzAJBgNVBAYT # AkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3RpZ28g # UHVibGljIFRpbWUgU3RhbXBpbmcgQ0EgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOC # AY8AMIIBigKCAYEAzZjYQ0GrboIr7PYzfiY05ImM0+8iEoBUPu8mr4wOgYPjoiIz # 5vzf7d5wu8GFK1JWN5hciN9rdqOhbdxLcSVwnOTJmUGfAMQm4eXOls3iQwfapEFW # uOsYmBKXPNSpwZAFoLGl5y1EaGGc5LByM8wjcbSF52/Z42YaJRsPXY545E3QAPN2 # mxDh0OLozhiGgYT1xtjXVfEzYBVmfQaI5QL35cTTAjsJAp85R+KAsOfuL9Z7LFnj # dcuPkZWjssMETFIueH69rxbFOUD64G+rUo7xFIdRAuDNvWBsv0iGDPGaR2nZlY24 # tz5fISYk1sPY4gir99aXAGnoo0vX3Okew4MsiyBn5ZnUDMKzUcQrpVavGacrIkmD # Yu/bcOUR1mVBIZ0X7P4bKf38JF7Mp7tY3LFF/h7hvBS2tgTYXlD7TnIMPrxyXCfB # 5yQq3FFoXRXM3/DvqQ4shoVWF/mwwz9xoRku05iphp22fTfjKRIVpm4gFT24JKsp # EpM8mFa9eTgKWWCvAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBT2d2rdP/0BE/8W # oWyCAi/QCj0UJTAdBgNVHQ4EFgQUX1jtTDF6omFCjVKAurNhlxmiMpswDgYDVR0P # AQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUH # AwgwEQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9j # cmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1RpbWVTdGFtcGluZ1Jvb3RSNDYu # Y3JsMHwGCCsGAQUFBwEBBHAwbjBHBggrBgEFBQcwAoY7aHR0cDovL2NydC5zZWN0 # aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1waW5nUm9vdFI0Ni5wN2MwIwYI # KwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUA # A4ICAQAS13sgrQ41WAyegR0lWP1MLWd0r8diJiH2VVRpxqFGhnZbaF+IQ7JATGce # TWOS+kgnMAzGYRzpm8jIcjlSQ8JtcqymKhgx1s6cFZBSfvfeoyigF8iCGlH+SVSo # 3HHr98NepjSFJTU5KSRKK+3nVSWYkSVQgJlgGh3MPcz9IWN4I/n1qfDGzqHCPWZ+ # /Mb5vVyhgaeqxLPbBIqv6cM74Nvyo1xNsllECJJrOvsrJQkajVz4xJwZ8blAdX5u # mzwFfk7K/0K3fpjgiXpqNOpXaJ+KSRW0HdE0FSDC7+ZKJJSJx78mn+rwEyT+A3z7 # Ss0gT5CpTrcmhUwIw9jbvnYuYRKxFVWjKklW3z83epDVzoWJttxFpujdrNmRwh1Y # ZVIB2guAAjEQoF42H0BA7WBCueHVMDyV1e4nM9K4As7PVSNvQ8LI1WRaTuGSFUd9 # y8F8jw22BZC6mJoB40d7SlZIYfaildlgpgbgtu6SDsek2L8qomG57Yp5qTqof0Dw # J4Q4HsShvRl/59T4IJBovRwmqWafH0cIPEX7cEttS5+tXrgRtMjjTOp6A9l0D6xc # KZtxnLqiTH9KPCy6xZEi0UDcMTww5Fl4VvoGbMG2oonuX3f1tsoHLaO/Fwkj3xVr # 3lDkmeUqivebQTvGkx5hGuJaSVQ+x60xJ/Y29RBr8Tm9XJ59AjCCBoIwggRqoAMC # AQICEDbCsL18Gzrno7PdNsvJdWgwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEe # MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1 # c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIxMDMyMjAwMDAwMFoX # DTM4MDExODIzNTk1OVowVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28g # TGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgVGltZSBTdGFtcGluZyBS # b290IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIid2LlFZ50d # 3ei5JoGaVFTAfEkFm8xaFQ/ZlBBEtEFAgXcUmanU5HYsyAhTXiDQkiUvpVdYqZ1u # YoZEMgtHES1l1Cc6HaqZzEbOOp6YiTx63ywTon434aXVydmhx7Dx4IBrAou7hNGs # KioIBPy5GMN7KmgYmuu4f92sKKjbxqohUSfjk1mJlAjthgF7Hjx4vvyVDQGsd5Ka # rLW5d73E3ThobSkob2SL48LpUR/O627pDchxll+bTSv1gASn/hp6IuHJorEu6Eop # oB1CNFp/+HpTXeNARXUmdRMKbnXWflq+/g36NJXB35ZvxQw6zid61qmrlD/IbKJA # 6COw/8lFSPQwBP1ityZdwuCysCKZ9ZjczMqbUcLFyq6KdOpuzVDR3ZUwxDKL1wCA # xgL2Mpz7eZbrb/JWXiOcNzDpQsmwGQ6Stw8tTCqPumhLRPb7YkzM8/6NnWH3T9Cl # mcGSF22LEyJYNWCHrQqYubNeKolzqUbCqhSqmr/UdUeb49zYHr7ALL8bAJyPDmub # NqMtuaobKASBqP84uhqcRY/pjnYd+V5/dcu9ieERjiRKKsxCG1t6tG9oj7liwPdd # XEcYGOUiWLm742st50jGwTzxbMpepmOP1mLnJskvZaN5e45NuzAHteORlsSuDt5t # 4BBRCJL+5EZnnw0ezntk9R8QJyAkL6/bAgMBAAGjggEWMIIBEjAfBgNVHSMEGDAW # gBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQU9ndq3T/9ARP/FqFsggIv # 0Ao9FCUwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAww # CgYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGG # P2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0 # aW9uQXV0aG9yaXR5LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 # dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggIBAA6+ZUHt # aES45aHF1BGH5Lc7JYzrftrIF5Ht2PFDxKKFOct/awAEWgHQMVHol9ZLSyd/pYMb # aC0IZ+XBW9xhdkkmUV/KbUOiL7g98M/yzRyqUOZ1/IY7Ay0YbMniIibJrPcgFp73 # WDnRDKtVutShPSZQZAdtFwXnuiWl8eFARK3PmLqEm9UsVX+55DbVIz33Mbhba0HU # TEYv3yJ1fwKGxPBsP/MgTECimh7eXomvMm0/GPxX2uhwCcs/YLxDnBdVVlxvDjHj # O1cuwbOpkiJGHmLXXVNbsdXUC2xBrq9fLrfe8IBsA4hopwsCj8hTuwKXJlSTrZcP # RVSccP5i9U28gZ7OMzoJGlxZ5384OKm0r568Mo9TYrqzKeKZgFo0fj2/0iHbj55h # c20jfxvK3mQi+H7xpbzxZOFGm/yVQkpo+ffv5gdhp+hv1GDsvJOtJinJmgGbBFZI # ThbqI+MHvAmMmkfb3fTxmSkop2mSJL1Y2x/955S29Gu0gSJIkc3z30vU/iXrMpWx # 2tS7UVfVP+5tKuzGtgkP7d/doqDrLF1u6Ci3TpjAZdeLLlRQZm867eVeXED58LXd # 1Dk6UvaAhvmWYXoiLz4JA5gPBcz7J311uahxCweNxE+xxxR3kT0WKzASo5G/PyDe # z6NHdIUKBeE3jDPs2ACc6CkJ1Sji4PKWVT0/MYIEkTCCBI0CAQEwaTBVMQswCQYD # VQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSwwKgYDVQQDEyNTZWN0 # aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIENBIFIzNgIQOlJqLITOVeYdZfzMEtjp # iTANBglghkgBZQMEAgIFAKCCAfkwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE # MBwGCSqGSIb3DQEJBTEPFw0yNTAxMjcxOTAyNTRaMD8GCSqGSIb3DQEJBDEyBDBl # V45J3IGsHhXr8HzKJJeMCcxGqi4y+2zNhO+FBDgeutUkA1uOiINZ0DiiLJNdPfMw # ggF6BgsqhkiG9w0BCRACDDGCAWkwggFlMIIBYTAWBBT4YJgZpvuILPfoUpfyoRlS # GhZ3XzCBhwQUxq5U5HiG8Xw9VRJIjGnDSnr5wt0wbzBbpFkwVzELMAkGA1UEBhMC # R0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQ # dWJsaWMgVGltZSBTdGFtcGluZyBSb290IFI0NgIQeiOu2lNplg+RyD5c9MfjPzCB # vAQUhT1jLZOCgmF80JA1xJHeksFC2scwgaMwgY6kgYswgYgxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwG # A1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3Qg # UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhA2wrC9fBs656Oz3TbLyXVoMA0G # CSqGSIb3DQEBAQUABIICAFy/AQBabPKDPeDaGXENbCFVDZ9fMap3DRhENay3QEqf # GTTu3bMlvx8DIGa5hkeHL8Cf3x5A47jYZmgP1RTE8GHVj/PL0k7jIiMEVvWV7qIH # 6FVjkH1K8S+jwCrS6yTt2mSTYTaX6vos4pgREMslRnb3L2NL7SG0GkurbJNLHpA9 # xaRK0jmswZKjRhjqosJ9/wH/0x1B3PryZTfME/olf9W6UtqjJM25pke/q4JhUZ7z # KHGs533DcVmloitTH7x0xFMS87t7Y0IVjY6jXQO5zQdS1CP7FDmwQrixzyNNY1oe # dTxmTxLxGVAkH1Xvv+ySbDhQnGueyypQyGBjGCSgb5H2t5kHfNaSZCi+NPC1OM73 # 6B0tKVQOYb4Zll9jC7DH9SRe0/EY/r7A5WUa8rmKohwgMuh5Z+rRDF9lRq3Om1S7 # ojqCiZDa1FCH0n2ARdoeVkefcefz6LI1ftQetjJIn3ZDACV1v6h7XVk9pZ7W1zeo # 5rGWZmpxH/gcqX1JQ5f3KyxaoGm03XOgzR0jk/n6gxbICgc1VXiNwgyGCDKqqkSV # Mr6TsgIk1zFsQG0EJLset9P01RTL+Jb35fztfpsSzCY+0rkeoRSost8rN3UpU3tC # pfE1gy7QG94p/EYdWs5c6pQk4O7OYFkf2yXoq5+sNe5k6U6ALyVWiwvIhm1E+CxK # SIG # End signature block