Hi all, I'm trying to boot a kernel image from https://ewr.edge.kernel.org/fedora-buffet/fedora/linux/releases/32/Server/x86_64/os/images/pxeboot/vmlinuz via packet.net's iPXE. I can replicate the issue I'm getting with a local build of iPXE from Git.
X509 chain 0xf3fe4 added X509 0xf5da4 "*.edge.kernel.org" X509 chain 0xf3fe4 added X509 0xfb614 "Sectigo RSA Domain Validation Secure Server CA" X509 chain 0xf3fe4 added X509 0xfbce4 "USERTrust RSA Certification Authority" .X509 0xf5da4 "*.edge.kernel.org" is valid (at time 1591514259) X509 0xf5da4 "*.edge.kernel.org" is not a root certificate X509 0xf5da4 "*.edge.kernel.org" has no issuer X509 0xfb614 "Sectigo RSA Domain Validation Secure Server CA" is valid (at time 1591514259) X509 0xfb614 "Sectigo RSA Domain Validation Secure Server CA" is not a root certificate X509 0xfb614 "Sectigo RSA Domain Validation Secure Server CA" has no issuer X509 0xfbce4 "USERTrust RSA Certification Authority" is valid (at time 1591514259) X509 0xfbce4 "USERTrust RSA Certification Authority" is not a root certificate X509 0xfbce4 "USERTrust RSA Certification Authority" has no issuer curl on the box that I built my debug copy of iPXE verifies it OK - I thought they both used the same set of certificates? * Server certificate: * subject: CN=*.edge.kernel.org * start date: Mar 16 00:00:00 2020 GMT * expire date: Mar 16 23:59:59 2021 GMT * subjectAltName: host "ewr.edge.kernel.org" matched cert's "*.edge.kernel.org" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA * SSL certificate verify ok. My next step will be trying to chain from packet.net's iPXE to my own with these specific certificates in them. Thanks, Adam _______________________________________________ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
