Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Possible bug when using self signed certificate
2020-07-03, 16:32
Post: #1
Possible bug when using self signed certificate
Working:

Code:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr # enter IP as common name
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > server.pem

iPXE built with server.crt, server run with server.pem.

Not Working:

Code:
openssl genrsa -des3 -out ca-key.pem 2048
openssl req -new -key ca-key.pem -x509 -out ca-cert.pem
openssl genrsa -des3 -out server-key.pem 204
openssl req -new -key server-key.pem -x509 -out server.csr # enter IP as  common name
openssl x509 -x509toreq -in server.csr -signkey server-key.pem -out server.req
openssl x509 -req -in server.req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
cat server-key.pem server-cert.pem > server.pem

iPXE built with ca-cert.pem, server uses server.pem.

iPXE fails with https://ipxe.org/err/2d03e1

The server does not register an HTTP request being made. The packet dump shows iPXE sends ACK followed by FIN ACK after Server Hello Done.

However,
Code:
curl --cacert ca-cert.pem https://10.12.11.1/efi_shell.ipxe
works, so the problem appears to lie in iPXE.
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 2 Guest(s)