On Thursday 22 Mar 2012 16:44:54 Terry Burton wrote: > > iPXE embeds only the SHA-256 fingerprints of the trusted root > > certificates, not the whole certificate. A consequence of this is that > > the server must currently provide the full certificate chain, including > > the root certificate and any cross-signing certificates. This > > limitation will eventually be lifted, by enabling iPXE to automatically > > download the relevant cross-signing certificates when needed. > > Thanks for this! > > It's working perfectly well for my purposes using an embedded > self-signed certificate but I will report on success with CA-signed > (and cross-signed) certificates if we go that way.
Great! Thanks for letting me know. :) In case you're interested, I'm currently working on code-signing. The code PKCS#7 functionality is tested and committed, but I want to rationalise some of the image-management commands before adding any more. Michael _______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo/ipxe-devel
