certstore [--subject <subject>] [--keep] [<uri>]
Add the specified certificates to the certificate store. If a URI is specified, then it will be downloaded and treated as a PEM or DER-encoded certificate file. The certificate file will be discarded after extracting the certificates unless the
--keep option is specified. If a subject name is specified, then only certificates matching the specified name will be added to the certificate store.
|Success||All specified certificates were successfully added to the store|
|Failure||Some certificates were not successfully added to the store|
This command is available only when the build option
CERT_CMD is enabled.
--subject option will match against the certificate's Common Name and any Subject Alternative Names, if present.
Downloaded certificates will be marked as
[EXPLICIT] in the output of the
Certificate files may include multiple PEM-encoded certificates.
You can use
certstore as a manual alternative to the
crosscert mechanism, by explicitly downloading the required cross-signed certificate chain. For example:
This can be useful if you are operating on a network without access to http://ca.ipxe.org/auto, since you can use
certstore to download a local copy of the certificate chain.