Re: [ipxe-devel] [https] "iPXE root CA OCSP responder" expired

2020-03-25 Thread Denis Ryabyy
Thank you very much! ср, 25 мар. 2020 г. в 17:53, Michael Brown : > On 12/03/2020 17:20, Denis Ryabyy wrote: > > A while ago I've got https on iPXE stop to work. > > > > After debugging this I have: > > > > iPXE> chain https://google.com <--- trying to establish any ssl > connection > > X509 0x

Re: [ipxe-devel] [https] "iPXE root CA OCSP responder" expired

2020-03-25 Thread Michael Brown
On 12/03/2020 17:20, Denis Ryabyy wrote: A while ago I've got https on iPXE stop to work. After debugging this I have: iPXE> chain https://google.com   <--- trying to establish any ssl connection X509 0xebfc4 "iPXE root CA OCSP responder" has expired (at time 1584033180)   Permission denied (h

Re: [ipxe-devel] HTTPS & iPXE

2020-01-14 Thread Michael Brown
On 14/01/2020 22:17, Michael Brown wrote: This "iPXE root CA" certificate is used to cross-sign every root certificate trusted by Mozilla, and a mechanism exists to allow iPXE to automatically download these cross-signed certificates as needed.  There is a reasonable explanation of this at  

Re: [ipxe-devel] HTTPS & iPXE

2020-01-14 Thread Michael Brown
On 14/01/2020 19:54, Ibrahim Tachijian wrote: The issues you are experiencing are most likely because the iPXE OCSP service is still down following a hardware death.  Replacement is currently stalled pending the existence of a suitable ocspd package for Fedora; the version in the

Re: [ipxe-devel] HTTPS & iPXE

2020-01-14 Thread Ibrahim Tachijian
> > The issues you are experiencing are most likely because the iPXE OCSP > service is still down following a hardware death. Replacement is > currently stalled pending the existence of a suitable ocspd package for > Fedora; the version in the Fedora repos is more than ten years out of date. How

Re: [ipxe-devel] HTTPS & iPXE

2020-01-12 Thread Michael Brown
On 11/01/2020 15:28, Ibrahim Tachijian wrote: And all fail because of certificate issues. The documentation on https://ipxe.org/crypto mentions that, In the default configuration, iPXE trusts only a single root certificate: the "iPXE root CA" certificate

Re: [ipxe-devel] HTTPS & iPXE

2020-01-11 Thread Santiago Torres-Arias
> In the default configuration, iPXE trusts only a single root certificate: > > the "iPXE root CA" certificate . > > This root certificate is used to cross-sign the standard Mozilla list of > > public CA certificates > >