[ipxe-devel] HTTPS & iPXE
Santiago Torres-Arias
santiago at archlinux.org
Sat Jan 11 18:39:27 UTC 2020
> In the default configuration, iPXE trusts only a single root certificate:
> > the "iPXE root CA" certificate <https://ipxe.org/_media/certs/ca.crt>.
> > This root certificate is used to cross-sign the standard Mozilla list of
> > public CA certificates
> > <http://mxr.mozilla.org/comm-central/source/mozilla/security/nss/lib/ckfw/builtins/certdata.txt>
> > .
>
>
> Do I need to download the iPXE root ca and compile it in? If so how?
>
Hi, you can check out[1] to see how TRUST and CERT is used in a
makefile in the Arch Linux case. I'm not sure if this is the "blessed"
way of doing it but it is the one that seems to work.
Cheers!
-Santiago
[1] https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ipxe-netboot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20200111/dcb81116/attachment.sig>
More information about the ipxe-devel
mailing list