This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
crypto [2012/07/27 11:34] mcb30 |
crypto [2013/11/12 16:06] mcb30 |
||
---|---|---|---|
Line 33: | Line 33: | ||
Certificates must be in PEM format. | Certificates must be in PEM format. | ||
+ | |||
+ | {{ :clipart:warning.png?90x75|Warning}} | ||
+ | |||
+ | The full root certificates are too large to be embedded into the iPXE binary; only the SHA-256 fingerprints of the certificates can be included. If you are using the default {{:certs:ca.crt|"iPXE root CA" certificate}}, then iPXE will automatically download the full root certificate as needed from [[http://ca.ipxe.org/ca.crt]] (or from a mirror specified using the ''[[:cfg:crosscert]]'' setting). If you are using a private root certificate, then you must make this certificate available to iPXE either by setting up your own ''[[:cfg:crosscert]]'' server, or by including the root certificate within all certificate chains presented to iPXE as documented below. | ||
{{ :clipart:books.png?160x160|Some books}} | {{ :clipart:books.png?160x160|Some books}} | ||
Line 59: | Line 63: | ||
preserve = yes | preserve = yes | ||
default_days = 90 | default_days = 90 | ||
+ | unique_subject = no | ||
| | ||
[ policy_anything ] | [ policy_anything ] |