HP EliteBook 745 Sure Recover User Guide - Page 20
Sample key generation using OpenSSL, Working with the HP Client Management Script Library CMSL
View all HP EliteBook 745 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 20 highlights
Start-Sleep -Seconds 3 $p = New-HPSureRecoverDeprovisionPayload ` -SigningKeyPassword $skpw ` -SigningKeyFile "$path\sk.pfx" $p | Set-HPSecurePlatformPayload Start-Sleep -Seconds 3 Write-host 'Deprovisioning P21' $p = New-HPSecurePlatformDeprovisioningPayload ` -verbose ` -EndorsementKeyPassword $pw ` -EndorsementKeyFile "$Path\kek.pfx" $p | Set-HPSecurePlatformPayload Write-Host 'Final secure platform state:' Get-HPSecurePlatformState } Sample key generation using OpenSSL Store the private keys in a safe location. The public keys will be used for validation and must be provided during provisioning. These keys are required to be 2048 bits in length and use an exponent of 0x10001. Replace the subject in the examples with information about your organization. Set the following environment variable before proceeding: set OPENSSL_CONF=\openssl.cnf # Create a self-signed root CA certificate for testing openssl req -sha256 -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com" # Create a key endorsement certificate openssl req -sha256 -nodes -newkey rsa:2048 -keyout kek.key -out kek.csr subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com" openssl x509 -req -sha256 -in kek.csr -CA ca.crt -CAkey ca.key CAcreateserial -out kek.crt 14 Chapter 4 Working with the HP Client Management Script Library (CMSL)