iPXE discussion forum
HTTPS from a pxe built using rom-o-matic - Printable Version




HTTPS from a pxe built using rom-o-matic - Subhash - 2015-03-25 11:05

Hello,
I have an existing setup that has the following:
An undi-only PXE has an embedded script that makes an http:// call to get the WinPE installation steps and so on.
It can also be chained on some HP machines to load ipxe.pxe and then make an http:// call to get the WinPE installation and so on.

--- Everything is working fine so far ---
The only requirement is to make the http call be https://
-------------------------------------------------------------
Q1> How can I build an undionly that supports the HTTPS feature, as currently it only has HTTP, TFTP, DNS, etc.?
I only want to authenticate the server.
a> I will get a certificate from the company root certificate.
b> Install the certificate on my server. Enable SSL on the IIS web server.
c> Get the public key for this certificate as a *.cer file.
d> Use this .cer to generate the PXE.
Q2> How do I use rom-o-matic to specify the certificate and build?

Thanks,
Subhash


RE: HTTPS from a pxe built using rom-o-matic - robinsmidsrod - 2016-10-07 08:35

Follow the instructions on http://ipxe.org/crypto to build an HTTPS-enabled iPXE binary. If you plan to connect to only this one server, then you can just embed the server certificate and trust that. If you need to connect to multiple servers, then you need to have them all use the same CA (e.g. the company one), and you should trust the CA cert. If you need to support multiple roots, then you need to either use the public cross-cert mechanism on ca.ipxe.org (default) or create your own (challenging, but doable) cross-cert setup.
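
The local build that the reply above points to, sketched as an added example that is not part of the thread or of the iPXE documentation. It uses iPXE's `DOWNLOAD_PROTO_HTTPS` option and the `EMBED=` and `TRUST=` make variables; the function names, file names and the PEM-only and no-`http://` checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: prepare an HTTPS-enabled undionly.kpxe build from a local iPXE
# checkout. All paths and helper names are hypothetical; adjust to your tree.

# Accept only PEM input (assumption of this example: a DER-encoded .cer
# exported from Windows is converted to PEM before it is passed to TRUST=).
is_pem_cert() {
    [ -r "$1" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Turn on HTTPS through the local override header instead of editing
# config/general.h. Safe to call repeatedly: the define is written once.
enable_https() {
    hdr="$1/config/local/general.h"
    mkdir -p "$1/config/local" || return 1
    grep -qs '^#define DOWNLOAD_PROTO_HTTPS' "$hdr" ||
        printf '#define DOWNLOAD_PROTO_HTTPS\n' >> "$hdr"
}

# Check the inputs, enable HTTPS, and print the make command to run.
#   $1 = iPXE "src" directory, $2 = CA certificate to trust, $3 = embedded script
build_cmd() {
    src=$1 ca=$2 script=$3
    is_pem_cert "$ca" || { echo "not a PEM certificate: $ca" >&2; return 1; }
    # The embedded script must use https:// and must not fall back to http://,
    # otherwise the trusted certificate is never checked for that request.
    grep -q 'https://' "$script" ||
        { echo "no https:// URL in $script" >&2; return 1; }
    if grep -q 'http://' "$script"; then
        echo "plain http:// URL still present in $script" >&2
        return 1
    fi
    enable_https "$src" || return 1
    printf 'make -C %s bin/undionly.kpxe EMBED=%s TRUST=%s\n' \
        "$src" "$script" "$ca"
}

# Stand-alone use: ./prepare.sh ipxe/src company-root.crt boot.ipxe
if [ "$#" -eq 3 ]; then
    build_cmd "$@"
fi
```

To trust only the single server certificate instead of the company CA, as the reply also suggests, pass that certificate as the second argument.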