The following warnings occurred:
Warning [2] count(): Parameter must be an array or an object that implements Countable - Line: 807 - File: showthread.php PHP 7.3.15 (Linux)
File Line Function
/showthread.php 807 errorHandler->error

Post Reply 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
iPXE bundling certificate chains for chainbooting HTTPS resources
2019-11-22, 01:46
Post: #1
iPXE bundling certificate chains for chainbooting HTTPS resources
FYI: I asked this question on StackOverflow: because I didn't get the activation email from this forum for an entire day.

According to, by default iPXE trusts its own root certificate located here I tested it it, and I was able to chain boot `` using `chain --autofree`.

I wanted to see if I could use my own custom certificate chain and embed it into iPXE.

To test this, I tried 2 certificates bundles in PEM format. The first is from The second is from my OS (NixOS) `cacert` package here

In both cases I had a file that was PEM format.

Then I compiled iPXE with the options `CERT=...,TRUST=...`.

Then I tried chain booting into ``. However in both cases, they did not work. It always resulted in

If I tried instead downloading iPXE's root certificate and explicitly embedding it with `CERT=...,TRUST=...`, the chaining into HTTPs works.

So my questions are:

1. is there a specific format that iPXE requires for its certificate bundles.
2. why do certificate bundles used by curl and other similar applications not work for iPXE
3. how did iPXE's root certificate get cross signed on all of mozilla's public certs?

> This root certificate is used to cross-sign the standard Mozilla list of public CA certificates.

How did this happen? I would like to reproduce such an activity with my own private CA certificate using `openssl`.
Find all posts by this user
Quote this message in a reply
Post Reply 

Messages In This Thread
iPXE bundling certificate chains for chainbooting HTTPS resources - CMCDragonkai - 2019-11-22 01:46

User(s) browsing this thread: 1 Guest(s)