This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
crypto [2015/09/10 15:21] mcb30 |
crypto [2020/12/28 20:50] mcb30 |
||
---|---|---|---|
Line 16: | Line 16: | ||
===== Trusted root certificates ===== | ===== Trusted root certificates ===== | ||
- | In the default configuration, iPXE trusts only a single root certificate: the {{:certs:ca.crt|"iPXE root CA" certificate}}. | + | In the default configuration, iPXE trusts only a single root certificate: the {{:certs:ca.crt|"iPXE root CA" certificate}}. This root certificate is used to cross-sign the standard [[https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt|Mozilla list of public CA certificates]]. |
+ | |||
+ | In the default configuration, iPXE will therefore automatically trust the same set of certificates as the [[https://www.mozilla.org/firefox/|Firefox]] web browser. | ||
If you want more control over the chain of trust, then you can generate your own private root certificate ''ca.crt'' using: | If you want more control over the chain of trust, then you can generate your own private root certificate ''ca.crt'' using: |