Using ''DEBUG=validator'' often shows what failed.
Or ''DEBUG=tls,x509:3,validator,certstore,privkey'' to show full details, but this could be to much information making it harder to spot the issue.

If you want to trust multiple root certificates, use one certificate per file and specify all files separated with comma as described  [[https://git.ipxe.org/ipxe.git/commit/aee3a064f22f994a930990c1bb0d339412e65d76|in the commit]] that introduced the feature.

=== Checklist ===

  * **Time:** Check that your device time is correct. Use ''show unixtime:int32'' to see current time in seconds of device and compare that to current actual time.
  * **Chain:** Ensure the certificate is valid in the chain that iPXE trusts.