This shows you the differences between two versions of the page.

Link to this comparison view

err:022ae1 [2012/03/22 14:53] (current)
Line 1: Line 1:
 +This error indicates that the certificate used to verify a binary with the ''​[[:​cmd:​imgverify]]''​ command is not a signing certificate. ​ A certificate used for code-signing must include the digitalSignature key usage.
 +Things to try:
 +   * Check that your certificate includes the digitalSignature key usage. ​ For example, to check the certificate ''​codesign.crt'':<​code> ​ $ openssl x509 -in codesign.crt -noout -text
 +  ...
 +     ​X509v3 extensions:
 +          X509v3 Key Usage:
 +              Digital Signature
 +          X509v3 Extended Key Usage:
 +              Code Signing
 +  ...</​code>​
 +  * Generate a new code-signing certificate including the digitalSignature key usage. ​ If you are using [[http://​www.openssl.org/​|OpenSSL]] to generate the certificate,​ then you need to include the following [[http://​www.openssl.org/​docs/​apps/​x509v3_config.html|extensions]]:<​code> ​ keyUsage=digitalSignature
 +  extendedKeyUsage=codeSigning</​code>​
 +A certificate used for code-signing must also include the codeSigning extended key usage.
err/022ae1.txt ยท Last modified: 2012/03/22 14:53 (external edit)
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL http://ipxe.org
References to "iPXE" may not be altered or removed.