I can load the .ipxe script from Firefox and display the certificate details: Serial: 04:45:82:E5:7F:72:A5:7A:C1:D5:E9:ED:8C:57:3C:1E:BB:B0 SHA-256: AD:8D:28:BE:3D:A1:40:FB:08:AB:4C:1F:1E:B5:8E:B0:3E:4F:4A:52:23:69:AB:85:41:2D:60:A7:C2:80:25:80 SHA1 25:95:32:0A:21:2E:CA:EA:43:AB:3F:1D:89:BF:9A:F7:D9:9E:59:F7 Does that help? The certificate can be viewed by loading https://www.archlinux.org/releng/netboot/archlinux.ipxe in Firefox (for example) and clicking the green padlock. ________________________________ From: Santiago Torres-Arias <santiago@archlinux.org> Sent: October 1, 2019 4:44 PM To: Arch Linux Release Engineering <arch-releng@archlinux.org> Cc: Anindya Mukherjee <anindya49@hotmail.com> Subject: Re: [arch-releng] ipxe.lkrn BIOS TLS issue On Tue, Oct 01, 2019 at 10:05:41PM +0000, Anindya Mukherjee via arch-releng wrote:
The ipxe.lkrn image boots successfully but when it tries to access https://www.archlinux.org/releng/netboot/archlinux.ipxe it fails with "Operation not permitted". IPXE shows the error url http://ipxe.org/410de13c which points to a TLS issue (Fatal alert). Not sure how to proceed. The networking seems to be working fine. Typing route at the ipxe prompt shows an ip address has been assigned. Is there a certificate issue with ipxe.lkrn?
Looks to me that the certificate is not being trusted (similar to the bug below): https://bugs.archlinux.org/task/58470 Do you have the certificate that's being requested? Cheers! -Santiago/Sangy