iPXE discussion forum
Possible bug when using self signed certificate - Printable Version

Possible bug when using self signed certificate - HashFail - 2020-07-03 16:32


openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr # enter IP as common name
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > server.pem

iPXE built with server.crt, server run with server.pem.

Not Working:

openssl genrsa -des3 -out ca-key.pem 2048
openssl req -new -key ca-key.pem -x509 -out ca-cert.pem
openssl genrsa -des3 -out server-key.pem 204
openssl req -new -key server-key.pem -x509 -out server.csr # enter IP as common name
openssl x509 -x509toreq -in server.csr -signkey server-key.pem -out server.req
openssl x509 -req -in server.req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
cat server-key.pem server-cert.pem > server.pem

iPXE built with ca-cert.pem, server uses server.pem.

iPXE fails with https://ipxe.org/err/2d03e1

The server does not register an HTTP request being made. The packet dump shows iPXE sends ACK followed by FIN ACK after Server Hello Done.

curl --cacert ca-cert.pem
works, so the problem appears to lie in iPXE.
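
Offline checks for the files produced by a CA-signed recipe like the second one above, as an added example that is not part of the original post or of iPXE. The helper names, the throwaway CA, the 192.0.2.10 subject and the unencrypted 2048-bit keys are constructed assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: sanity checks for a CA certificate / server certificate pair.
# All function names, file names and subjects here are constructed.

# cert_key_bits CERT -> prints the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# is_self_signed CERT -> exit 0 when issuer and subject are identical
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issu=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issu" ]
}

# chain_ok CA LEAF -> exit 0 when LEAF verifies with CA as the only anchor
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches_cert KEY CERT -> exit 0 when both hold the same public key
# (an encrypted key, as made with -des3, will prompt for its passphrase)
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# make_demo_pki DIR -> writes a throwaway CA and a leaf signed by it into DIR
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=192.0.2.10" \
        -keyout "$d/server-key.pem" -out "$d/server.req" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$d/server.req" \
        -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
        -out "$d/server-cert.pem" 2>/dev/null
}

# Usage against real files:
#   chain_ok ca-cert.pem server-cert.pem && echo "chain verifies"
#   is_self_signed server-cert.pem && echo "leaf is self-signed, not CA-issued"
#   cert_key_bits server-cert.pem
#   key_matches_cert server-key.pem server-cert.pem || echo "key/cert mismatch"
```
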