Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
HTTPS from a pxe built using rom-o-matic
2015-03-25, 11:05
Post: #1
Music HTTPS from a pxe built using rom-o-matic
Hello,
I have an existing setup that has the following
An undi only pxe has an embedded script that makes an http:// call to get the winpe installation steps and so on.
It also can be chained for some HP machines to load ipxe.pxe and then http:// call to get winpe installation and so on.

--- Everything is working fine so far ---
only requirement is to make the http call to be https://
-------------------------------------------------------------
Q1> how can I build undionly that support https feature as currently it only has http tftp dns etc.
I only want to authenticate the server.
a> I will get a certificate from the company root certificate
b> Install the certificate on my server. Enable the SSL on the IIS webserver
c> get the public key for this certificate as *.cer file
d> use this .cer to generate the pxe
Q2> How to use the rom-o-matic to specify the certificate and build?

Thanks,
Subhash
Find all posts by this user
Quote this message in a reply
2016-10-07, 08:35
Post: #2
RE: HTTPS from a pxe built using rom-o-matic
Follow the instructions on http://ipxe.org/crypto to build a HTTPS-enabled ipxe binary. If you only plan to connect to this one server only then you can just embed the server certificate and trust that. If you need to connect to multiple servers then you either need to have them all use the same CA (e.g. company one) and you should trust the CA cert. If you need to support multiple roots then you need to either use the public cross-cert mechanism on ca.ipxe.org (default) or create your own (challenging, but doable) cross-cert setup.
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 1 Guest(s)