certstore [--subject <subject>] [--keep] [<uri>]
certstore http://ca.ipxe.org/ca.crt
certstore http://ca.ipxe.org/cross/cross-digicert-global-root-ca.crts
Add the specified certificates to the certificate store. If a URI is specified, then it will be downloaded and treated as a PEM or DER-encoded certificate file. The certificate file will be discarded after extracting the certificates unless the --keep option is specified. If a subject name is specified, then only certificates matching the specified name will be added to the certificate store.
| Success | All specified certificates were successfully added to the store |
|---|---|
| Failure | Some certificates were not successfully added to the store |
This command is available only when the build option CERT_CMD is enabled.
The --subject option will match against the certificate's Common Name and any Subject Alternative Names, if present.
Downloaded certificates will be marked as [EXPLICIT] in the output of the certstat command.
Certificate files may include multiple PEM-encoded certificates.
You can use certstore as a manual alternative to the crosscert mechanism, by explicitly downloading the required cross-signed certificate chain. For example:
certstore http://ca.ipxe.org/cross/cross-digicert-global-root-ca.crts
This can be useful if you are operating on a network without access to http://ca.ipxe.org/auto, since you can use certstore to download a local copy of the certificate chain.