iPXE discussion forum

Full Version: Possible bug when using self signed certificate
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr # enter IP as common name
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > server.pem

iPXE built with server.crt, server run with server.pem.

Not Working:

openssl genrsa -des3 -out ca-key.pem 2048
openssl req -new -key ca-key.pem -x509 -out ca-cert.pem
openssl genrsa -des3 -out server-key.pem 204
openssl req -new -key server-key.pem -x509 -out server.csr # enter IP as  common name
openssl x509 -x509toreq -in server.csr -signkey server-key.pem -out server.req
openssl x509 -req -in server.req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
cat server-key.pem server-cert.pem > server.pem

iPXE built with ca-cert.pem, server uses server.pem.

iPXE fails with https://ipxe.org/err/2d03e1

The server does not register an HTTP request being made. The packet dump shows iPXE sends ACK followed by FIN ACK after Server Hello Done.

curl --cacert ca-cert.pem
works, so the problem appears to lie in iPXE.
Reference URL's