An error

Error: No usable certificates

(Error code 0216eb)

Possible sources

This error originated from one of the following locations within the iPXE source code:

General advice

  • Try using the latest version of iPXE. Your problem may have already been fixed.
  • Try building iPXE with the debug option DEBUG=x509
  • You can contact the iPXE developers and other iPXE users.
  • Refresh this page after 24 hours. This page is actively monitored, and further information may be added soon.

Additional notes

(Please edit this page to include any of your own useful hints and tips for fixing this error.)

This is an old revision of the document!

Using a self-signed certificate, the following build command resulted in a iPXE binary that would yield this “0216eb..” error. 

make bin/ipxe.lkrn EMBED=../syslinux.ipxe CERT=../certs/selfsigned-cert.pem TRUST=../certs/selfsigned-cert.pem

Adding the “PRIVKEY” option did not seem to resolve the error.

By trial-and-error, I found the following method to work-around the error. 

cd ../certs
cat selfsigned-cert.pem selfsigned-key.pem > cert-and-key.pem
cd ../src
make bin/ipxe.lkrn EMBED=../syslinux.ipxe CERT=../certs/cert-and-key.pem TRUST=../certs/cert-and-key.pem

Add DEBUG=tls,x509:3,certstore,privkey to make line for relevant run-time debug info.

If you want to trust multiple root certificates, use one certificate per file and specify all files separated with comma as described in the commit that introduced the feature.

Checklist

  • Time: Check that your BIOS time is correct. I encountered this error right after resetting the CMOS. If the BIOS date is before the cert issue date, you should get this error.
err/0216eb.1538430053.txt.gz · Last modified: 2018/10/01 21:40 by nikize
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL https://ipxe.org
References to "iPXE" may not be altered or removed.