Table of Contents

Manage certificates

Synopsis

  certstore [--subject <subject>] [--keep] [<uri>]

Examples

Download a certificate to the certificate store

  certstore http://ca.ipxe.org/ca.crt

Download a certificate chain to the certificate store

  certstore http://ca.ipxe.org/cross/cross-digicert-global-root-ca.crts

Description

Add the specified certificates to the certificate store. If a URI is specified, then it will be downloaded and treated as a PEM or DER-encoded certificate file. The certificate file will be discarded after extracting the certificates unless the --keep option is specified. If a subject name is specified, then only certificates matching the specified name will be added to the certificate store.

Command status

Success All specified certificates were successfully added to the store
Failure Some certificates were not successfully added to the store

See also

Build options

This command is available only when the build option CERT_CMD is enabled.

Notes

The --subject option will match against the certificate's Common Name and any Subject Alternative Names, if present.

Downloaded certificates will be marked as [EXPLICIT] in the output of the certstat command.

Certificate files may include multiple PEM-encoded certificates.

You can use certstore as a manual alternative to the crosscert mechanism, by explicitly downloading the required cross-signed certificate chain. For example:

  certstore http://ca.ipxe.org/cross/cross-digicert-global-root-ca.crts

This can be useful if you are operating on a network without access to http://ca.ipxe.org/auto, since you can use certstore to download a local copy of the certificate chain.