[ipxe-devel] Validation of SSL certificates for HTTPS
mbrown at fensystems.co.uk
Thu Mar 22 17:24:45 GMT 2012
On Thursday 22 Mar 2012 16:44:54 Terry Burton wrote:
> > iPXE embeds only the SHA-256 fingerprints of the trusted root
> > certificates, not the whole certificate. A consequence of this is that
> > the server must currently provide the full certificate chain, including
> > the root certificate and any cross-signing certificates. This
> > limitation will eventually be lifted, by enabling iPXE to automatically
> > download the relevant cross-signing certificates when needed.
> Thanks for this!
> It's working perfectly well for my purposes using an embedded
> self-signed certificate but I will report on success with CA-signed
> (and cross-signed) certificates if we go that way.
Great! Thanks for letting me know. :)
In case you're interested, I'm currently working on code-signing. The code
PKCS#7 functionality is tested and committed, but I want to rationalise some
of the image-management commands before adding any more.
More information about the ipxe-devel