[ipxe-devel] iPXE CERTSTORE: X509 0xb09e0 could not parse signature algorithm: Operation not supported
Mike Sollanych
msollanych at dwavesys.com
Wed Mar 6 18:38:04 UTC 2019
Hello all, my thanks for an excellent tool that I find very useful.
I'm in the process of upgrading our internal CAs from an older SHA-1 CA cert to a newer one with a stronger cipher. Attempting to bake this into iPXE at build time using
CERT=/etc/ssl/certs/#{trusted_ca_cert}.pem TRUST=/etc/ssl/certs/#{trusted_ca_cert}.pem
works fine for compilation, but when I actually boot the resulting iPXE, I get:
X509 0xb09e0 could not parse signature algorithm: Operation not supported
and a link to http://ipxe.org/err/3c00e1 which unfortunately doesn't help me much.
It's worth noting that this process worked perfectly with the previous cert, so it's definitely the algorithm. For the CA cert, when I run `openssl x509`, I see:
Signature Algorithm: ecdsa-with-SHA512
Is there any way I could get support for that? Happy to build and beta test.
Mike Sollanych
Senior DevOps Systems Engineer
D-Wave Systems Inc.
________________________________________
CONFIDENTIAL. This email, including attachments, is confidential. If you received it in error, please delete this email immediately and notify the sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20190306/bf2164a7/attachment.htm>
More information about the ipxe-devel
mailing list