iPXE discussion forum

Full Version: DNS problem
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi, I am setting up some chain loading environment (VMWare auto deploy) and I have the following:
iPXE 1.0.0+ (9361) -- Open Source Network Boot Firmware -- http://ipxe.org

iPXE> dhcp net0
DHCP (net0 b8:ac:6f:82:9d:2a)...... ok
iPXE> show ip
net0.dhcp/ip:ipv4 =
iPXE> show dns
net0.dhcp/dns:ipv4 =
iPXE> show gateway
net0.dhcp/gateway:ipv4 =
iPXE> show next-server
net0.dhcp/next-server:ipv4 =
iPXE> show netmask
net0.dhcp/netmask:ipv4 =
iPXE> show domain
net0.dhcp/domain:string = test.com
iPXE> chain Error 0x3e11613b (http://ipxe.org/3e11613b)
When i looked up it is "Error: DNS name does not exist". Clearly dns is visible here..
Yes, you have DNS available, but you're trying to do HTTPS on an IP-address. HTTPS expects the host in the URL to be a domain name, or else it can't validate that the certificate matches. So what it actually tries to pretend is a DNS hostname is the literal string "", which it obviously is not. Configure a hostname for the server at in your DNS and stick that name in your script instead of the IP. Obviously you must also make sure that the certificate you're using on the web server matches that name. See http://ipxe.org/crypto for more details on the HTTPS support.
(2013-07-02 08:15)robinsmidsrod Wrote: [ -> ]HTTPS expects the host in the URL to be a domain name, or else it can't validate that the certificate matches

er, you can have an SSL certificate with an IP address as a host name, you're unlikely to get a commercial CA to provide a certificate with an IP address, but an internal private CA is a different kettle of fish
Well, that might be, but have you verified that the iPXE HTTPS implementation allows such a setup? I suggest you try with a DNS name and see if you get a different type of error just to rule out that possibility. My guess HTTPS with IP address is not supported. I haven't checked the source, though, so I might be wrong.
Just so that no one is stuck here..

The problem is indeed in https x509 validation.
The code looks for the same name in the certificate; as the chain loading URL. In my case it was different.
Reference URL's