On Thursday 07 Mar 2013 15:38:19 Sven Dreyer wrote: > Wireshark reveals that the TLS connection is established, but after > "SSL Client Hello" and "TLSv1 Server Hello, Certificate, Server Hello > Done", iPXE seems to send a HTTP GET to > http://ca.ipxe.org/auto/<hex>.der/<ServerCertIssuerAsBase64> > which produces a 404 error. So this might be the reason for "no such > file or directory".
This is what happens when the certificate chain as provided by the server is incomplete (i.e. the chain does not contain all certificates up to _and including_ the CA root certificate). iPXE attempts to complete the chain by downloading the remainder from http://ca.ipxe.org/. Since you are using a private root CA, this obviously won't work. You have two options: - provide the CA root certificate as part of the certificate chain published by the web server. (Other TLS clients do not require this since they store the CA root certificate locally; iPXE stores only the CA root certificate fingerprint since the certificate itself is generally too large.) - use the "crosscert" setting (http://ipxe.org/cfg/crosscert) to provide iPXE with a location from which to download your CA root certificate. Michael _______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
