<div dir="ltr">Hello,<div><br></div><div>I have built iPXE from source and my embedded script is trying to boot,</div><div><br></div><div><a href="https://boot.ipxe.org/demo/boot.php">https://boot.ipxe.org/demo/boot.php</a><br></div><div>or</div><div><a href="https://boot.netboot.xyz/">https://boot.netboot.xyz/</a><br></div><div>or</div><div><a href="https://myowndomain-with-letsencrypt/boot.php">https://myowndomain-with-letsencrypt/boot.php</a></div><div><br></div><div>And all fail because of certificate issues.</div><div>The documentation on <a href="https://ipxe.org/crypto">https://ipxe.org/crypto</a> mentions that,</div><div><br></div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">In the default configuration, iPXE trusts only a single root certificate: the <a href="https://ipxe.org/_media/certs/ca.crt" class="gmail-media gmail-mediafile gmail-mf_crt" title="certs:ca.crt (1.4 KB)" style="padding:0px 0px 0px 18px;margin:0px;background:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAwElEQVR4AW3PPUoDURQF4O/OBHsb0yi4ByG4TUELl+Q2bMQ0Roz5IfPedRgIg+Gd037cw40U3Frq/c/ae1YkPBw2pzLk3EM+P7nXJQmrU9nm79Tv/MrPkXzky0QIrIbc5zH3Y39yk+sR7HKbryMJIUfwVkCVBkfXgMXjAqAT6BS9KxvV4AZnIEDoQUwQM4CZTMttQExz87QWode1LiRIoTKDFuraIKQALkCKMzGnyi4TtexVl6llp0QK7iyb/xTrP+DMapMFm/pGAAAAAElFTkSuQmCC") 0px 50% no-repeat transparent;color:rgb(67,105,118);text-decoration-line:none">"iPXE root CA" certificate</a>. This root certificate is used to cross-sign the standard <a href="http://mxr.mozilla.org/comm-central/source/mozilla/security/nss/lib/ckfw/builtins/certdata.txt" class="gmail-urlextern" title="http://mxr.mozilla.org/comm-central/source/mozilla/security/nss/lib/ckfw/builtins/certdata.txt" style="padding:0px 0px 0px 18px;margin:0px;background-repeat:no-repeat;background-position:0px 50%;background-image:url("/lib/tpl/doogiestpl/images/link_icon.gif");color:purple;text-decoration-line:none">Mozilla list of public CA certificates</a>.</blockquote><div><br></div><div>Do  I need to download the iPXE root ca and compile it in? If so how?</div><br class="gmail-Apple-interchange-newline"></div><div><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Ibrahim Tachijian</div></div></div>