[ipxe-devel] Add certificate Was: X_Y_Z certificates not supported
Geert Stappers
stappers at stappers.nl
Sun Jun 7 08:30:26 UTC 2020
On Sun, Jun 07, 2020 at 05:56:17PM +1000, Adam Baxter wrote:
> For the benefit of anyone Googling this,
} For the benefit of anyone websearching this,
> > How to add SSL certificate to the iPXE executable?
> I was able to manually trust this chain by doing the following:
>
> ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect ewr.edge.kernel.org:443) -scq > ewr.edge.kernel.org.crt
Hey, that is a cool way to create a .crt file.
> make -j4 bin/ipxe.lkrn CERT=ewr.edge.kernel.org.crt TRUST=ewr.edge.kernel.org.crt DEBUG=x509
make -j$(nproc) bin/ipxe.lkrn CERT=ewr.edge.kernel.org.crt TRUST=ewr.edge.kernel.org.crt
For as much parallel jobs as you have number of processor cores,
without x509 debug output.
> --Adam
> ipxe-devel at lists.ipxe.org
Thanks
Regards
Geert Stappers
P.S.
My 'LOL' was planned to get a follow-up by me where I would explain
what is funny. I'll do a more serious follow-up on
ECDHE ciphers becoming more of an issue
--
Silence is hard to parse
More information about the ipxe-devel
mailing list