[ipxe-devel] HTTPS with own CA certificate

Sven Dreyer sven at dreyer-net.de
Thu Mar 7 15:38:19 UTC 2013

Hi guys,

I try to embed my own root CA certificate in iPXE. But everytime iPXE 
contacts my Apache server, it throws an "no such file or directory 
(2d0c613b)" error.

I checked out the latest release from git (3a8d).

Then I changed
in src/config/general.h

Then I compiled iPXE from my home directory using

make TRUST=../../root.crt -C ipxe/src/ bin/ipxe.iso

I also tried an absolute path for the CA certificate file:

make TRUST=/home/sven/root.crt -C ipxe/src/ bin/ipxe.iso

the root.crt file contains a single CA certificate, base64-encoded PEM, 
as produced by OpenSSL.

Wireshark reveals that the TLS connection is established, but after
"SSL Client Hello" and "TLSv1 Server Hello, Certificate, Server Hello 
Done", iPXE seems to send a HTTP GET to
which produces a 404 error. So this might be the reason for "no such 
file or directory".

I hoped that iPXE would accept my server's certificate, since it has 
embedded the corresponding root CA certificate. Of course the server's 
hostname equals the CN of the server certificate.

Access via wget works without certificate warnings, because I copied my 
CA certificate is in /etc/ssl/certs (including the symlink to its 

I am pretty sure the certificates are okay since I imported the root CA 
certificate to various Linux, Windows, Android and iOS devices and can 
access the same webserver without any certificate error message.

The root.crt file seems to be read by the make process, when I rename 
the file the make process complains about being unable to read the file.

Is there anything I could do for debugging? Or am I completely wrong?

Any hints appreciated.

Thanks and best regards,

More information about the ipxe-devel mailing list