====== Trusted root certificate fingerprints ======

===== Name =====

    trust

===== Details =====

^ Type                | [[:cfgtype:hex|Byte sequence]]  |
^ DHCP option number  | not applicable                  |
^ ISC dhcpd syntax    | not applicable                  |

===== Examples =====

=== Obtain the SHA-256 fingerprint of a certificate ===

    openssl x509 -in ca.crt -noout -sha256 -fingerprint

=== Configure the trusted root certificate fingerprints via VMware GuestInfo ===

    guestinfo.ipxe.trust = "9f:af:71:7b:7f:8c:a2:f9:3c:25:6c:79:f8:ac:55:91"

===== Description =====

Specifies the SHA-256 fingerprints of the X.509 certificates that will be trusted by iPXE.

For security reasons, this setting cannot be altered at runtime.  The only way to provide a value for this setting is via a trusted source such as [[:buildcfg:vmware_settings|VMware GuestInfo]].

===== See also =====

  * ''[[:cfg:crosscert]]''
  * iPXE [[:crypto|cryptography]] guide
  * [[:cfg|List of all iPXE settings]]