This shows you the differences between two versions of the page.

err:022ae1 [2012/03/22 14:53] (current)
Line 1: Line 1:
 +This error indicates that the certificate used to verify a binary with the ''[[:cmd:imgverify]]'' command is not a signing certificate.  A certificate used for code-signing must include the digitalSignature key usage.
 +Things to try:
 +   * Check that your certificate includes the digitalSignature key usage.  For example, to check the certificate ''codesign.crt'':<code>  $ openssl x509 -in codesign.crt -noout -text
 +  ...
 +     X509v3 extensions:
 +          X509v3 Key Usage:
 +              Digital Signature
 +          X509v3 Extended Key Usage:
 +              Code Signing
 +  ...</code>
 +  * Generate a new code-signing certificate including the digitalSignature key usage.  If you are using [[http://www.openssl.org/|OpenSSL]] to generate the certificate, then you need to include the following [[http://www.openssl.org/docs/apps/x509v3_config.html|extensions]]:<code>  keyUsage=digitalSignature
 +  extendedKeyUsage=codeSigning</code>
 +A certificate used for code-signing must also include the codeSigning extended key usage.
err/022ae1.txt · Last modified: 2012/03/22 14:53 (external edit)
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL http://ipxe.org
References to "iPXE" may not be altered or removed.