2020-07-03, 16:32
Working:
iPXE built with server.crt, server run with server.pem.
Not Working:
iPXE built with ca-cert.pem, server uses server.pem.
iPXE fails with https://ipxe.org/err/2d03e1
The server does not register an HTTP request being made. The packet dump shows iPXE sends ACK followed by FIN ACK after Server Hello Done.
However,
works, so the problem appears to lie in iPXE.
Code:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr # enter IP as common name
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > server.pem
iPXE built with server.crt, server run with server.pem.
Not Working:
Code:
openssl genrsa -des3 -out ca-key.pem 2048
openssl req -new -key ca-key.pem -x509 -out ca-cert.pem
openssl genrsa -des3 -out server-key.pem 204
openssl req -new -key server-key.pem -x509 -out server.csr # enter IP as common name
openssl x509 -x509toreq -in server.csr -signkey server-key.pem -out server.req
openssl x509 -req -in server.req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
cat server-key.pem server-cert.pem > server.pem
iPXE built with ca-cert.pem, server uses server.pem.
iPXE fails with https://ipxe.org/err/2d03e1
The server does not register an HTTP request being made. The packet dump shows iPXE sends ACK followed by FIN ACK after Server Hello Done.
However,
Code:
curl --cacert ca-cert.pem https://10.12.11.1/efi_shell.ipxe