[edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-26 Thread jacopo . r00ta
Hi there, I was trying to HTTPS boot a virtual machine with the following scenario: 1) I have a self-signed root CA root.crt and then I use it to sign another self-signed certificate myip.crt for the IP address X.X.X.X 2) I have an NGINX server configured to use SSL with the myip.crt certificate

Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-26 Thread jacopo . r00ta
Hi Laszlo, First of all thank you very much for your reply! I'm using QEMU with OVMF. All the steps to reproduce this are:
* generate the root key
    openssl genrsa -out rootCA.key 4096
* create and sign the root certificate
    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 10

Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-26 Thread jacopo . r00ta
In order to install the certificate I did something very naive: 1) I deployed an OS to the machine 2) Stored rootCA.der under /boot/efi/EFI/BOOT/ 3) Restarted the machine 4) press F2 and install the certificate as it was available in the storage 5) select HTTPS boot in the boot list. My nginx

Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-27 Thread jacopo . r00ta
I've enabled the DEBUG mode and I've extracted the following logs (my HTTPS server IP is 10.0.2.254 in this example) > > > > >>Start HTTP Boot over IPv4 > > > > > > InstallProtocolInterface: BA23B311-343D-11E6-9185-5820B1D65299 7DCBA180 > .MnpAddFreeTxBuf: Add TxBufWrap 7E5DC118, TxBuf 7

Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-27 Thread jacopo . r00ta
On the other side, using curl I get curl --cacert rootCA.crt https://10.0.2.254:5248/ --tls-max 1.2 --tlsv1.2 -v *   Trying 10.0.2.254:5248... * Connected to 10.0.2.254 (10.0.2.254) port 5248 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 *  CAfile: rootCA.crt *  CApath: /etc/ssl/certs * T

Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-30 Thread jacopo . r00ta
Hi Laszlo, If I generate the certificate like openssl req -new -nodes -x509 -days 365 -keyout server.key -out server.crt -config config it works perfectly fine (with the original configuration). The problem stands with the *chain* of certificates, meaning that I have a root certificate (let's

Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-31 Thread jacopo . r00ta
Hi Laszlo, Now I see, using the script it works perfectly fine and your explanation was very clear! Thank you very much, I appreciate it! Cheers, Jacopo