Add ''DEBUG=tls,x509:3,certstore,privkey'' to make line for relevant run-time debug info. If you want to trust multiple root certificates, use one certificate per file and specify all files separated with comma as described [[https://git.ipxe.org/ipxe.git/commit/aee3a064f22f994a930990c1bb0d339412e65d76|in the commit]] that introduced the feature. === Checklist === * **Time:** Check that your BIOS time is correct. I encountered this error right after resetting the CMOS. If the BIOS date is before the cert issue date, you should get this error.