+- iPXE discussion forum (https://forum.ipxe.org)
+-- Forum: iPXE user forums (/forumdisplay.php?fid=1)
+--- Forum: General (/forumdisplay.php?fid=2)
+--- Thread: Possible bug when using self signed certificate (/showthread.php?tid=24197)
Possible bug when using self signed certificate - HashFail - 2020-07-03 16:32
Working:
Code:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr # enter IP as common name
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > server.pemiPXE built with server.crt, server run with server.pem.
Not Working:
Code:
openssl genrsa -des3 -out ca-key.pem 2048
openssl req -new -key ca-key.pem -x509 -out ca-cert.pem
openssl genrsa -des3 -out server-key.pem 204
openssl req -new -key server-key.pem -x509 -out server.csr # enter IP as common name
openssl x509 -x509toreq -in server.csr -signkey server-key.pem -out server.req
openssl x509 -req -in server.req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
cat server-key.pem server-cert.pem > server.pemiPXE built with ca-cert.pem, server uses server.pem.
iPXE fails with https://ipxe.org/err/2d03e1
The server does not register an HTTP request being made. The packet dump shows iPXE sends ACK followed by FIN ACK after Server Hello Done.
However,
Code:
curl --cacert ca-cert.pem https://10.12.11.1/efi_shell.ipxe