I'm fully aware that my problem is not ipxe related but I need some help.
We are using IPXE for quite a time without no issues.
The one thing that I'm fighting with is SSL.
Our infrastructure turns on Microsoft IIS & WDS.
Enable Secure Boot encrypt traffic SSL with private certificate.
After that I'm able to make bin-x86_64-efi/snponly.efi CERT=myca.pem TRUST=myca.pem EMBED=mybootscript.ipxe but obviously that doesn't work ;)
So the main questions are
what crosscertificate do I have to create for snponly.efi to negociate with IIS SSL webserver on a Microsoft PKI environment
which component(s) in pfx (with private key exported) do I need to extract and how that is translated/related to CERT=myca.pem TRUST=myca.pem
Background I'm a MS system engineer set up infrastructure and responsable for OS Deployments at our department but not a GURU @ IPXE & SSL so please be gentle ;)
Hello,
I'm fully aware that my problem is not ipxe related but I need some help. We are using IPXE for quite a time without no issues. The one thing that I'm fighting with is SSL. Our infrastructure turns on Microsoft IIS & WDS. Enable Secure Boot encrypt traffic SSL with private certificate.
Sure I'm able to route the traffic https wise with a webserver certificate. But I don't see which certificate I need to bake into snponly.efi. I can create a Computer Certificate - export pfx and use openssl to extract the necessary parts (TRUST-CERT-KEY) (ex. https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file).
After that I'm able to make bin-x86_64-efi/snponly.efi CERT=myca.pem TRUST=myca.pem EMBED=mybootscript.ipxe but obviously that doesn't work ;)
So the main questions are
Background I'm a MS system engineer set up infrastructure and responsable for OS Deployments at our department but not a GURU @ IPXE & SSL so please be gentle ;)
Thanks
Christoph