iPXE discussion forum
How to use certificate? - Printable Version




How to use certificate? - alex1983 - 2017-08-25 13:32

Hi to all,
I'm trying to boot iPXE using an HTTPS server. I have a problem with certificates:
I have created CA-ROOT certificate,
I have created the CA-SUB-ROOT certificate,
and I've signed the server certificate with the CA-SUB-ROOT.
Finally, I inserted the client certificate and its private key in the iPXE ISO.

When I start the iPXE boot, I receive the following message:
TLS 0x103ae4 certificate validation succeeded
TLS 0x103ae4 received fatal alert 48
Operation not permitted (http://ipxe.org/410de13c)

What is my error?
If I launch certstat, I can see that all certificates are validated except the client one. The client certificate is only embedded and not validated, why? The client and server certificates are both signed by the same CA, but the server one is validated and the client one is not.

Thanks in advance for the response.


RE: How to use certificate? - robinsmidsrod - 2017-09-19 11:03

Try to build with DEBUG=tls,x509,validator and see if it gives you any more insight.


RE: How to use certificate? - alex1983 - 2017-10-24 10:09

(2017-09-19 11:03)robinsmidsrod Wrote:  Try to build with DEBUG=tls,x509,validator and see if it gives you any more insight.

Hi, I've built the ipxe server with the debug options. We are using an internal CA.
The debug information is:

CERTSTORE added certificate poclinuxmaster.com
x509 chain 0x101444 added x509 0x105004 "poclinuxmaster.com"
TLS 0x1021c4 found certificate poclinuxmaster.com
TLS 0x1021c4 sending client certificate samuel
x509 chain 0x101444 found no usable certificates
...TLS 0x1021c4 certificate validation failed: Connection reset (http://ipxe.org/0f0a6039)
Connection reset (http://ipxe.org/0f0a6039)
net0: Try to reconfigure automatically. Press any key