Hi Laszlo, First of all thank you very much for your reply! I'm using QEMU with OVMF. All the steps to reproduce this are: * generate the root key > > openssl genrsa -out rootCA.key 4096 * create and sign the root certificate > > openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out > rootCA.crt * Create a config file with the following content (I basically want a self-signed certificate for the IP 192.168.120.1 ) > > [req] > default_bits = 4096 > default_md = sha256 > distinguished_name = req_distinguished_name > x509_extensions = v3_req > prompt = no > [req_distinguished_name] > C = US > ST = VA > L = SomeCity > O = MyCompany > OU = MyDivision > CN = 192.168.120.1 > [v3_req] > keyUsage = keyEncipherment, dataEncipherment > extendedKeyUsage = serverAuth > subjectAltName = @alt_names > [alt_names] > IP.1 = 192.168.120.1 * create the key > > openssl genrsa -out myip.key 2048 * create the csr > > openssl req -new -key myip.key -out myip.csr -config config * sign the csr > > openssl x509 -req -in myip.csr -CA rootCA.crt -CAkey rootCA.key > -CAcreateserial -out myip.crt -days 500 -sha256 * Then, I generate the.der certificate to be installed using the UEFI UI > > openssl x509 -in rootCA.crt -outform der -out rootCA.der > * Then, I use the UI to install it (the rootCA.der one) I've uploaded all the files here in case (https://drive.google.com/drive/folders/19Yo3sWZJBe43augVIFFvEXNQU8rIqGIV?usp=sharing) . The dump of rootCA.crt is > > > > openssl x509 -in rootCA.crt -text -noout > > > > > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 3b:b2:13:59:44:8a:2a:d2:ba:29:a0:e9:25:e1:32:6d:5a:e6:24:7b > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd > Validity > Not Before: Oct 25 12:45:16 2023 GMT > Not After : Aug 14 12:45:16 2026 GMT > Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > Public-Key: (4096 bit) > Modulus: > 00:90:9f:da:83:ac:88:44:4d:5c:1e:e7:8d:21:4b: > 98:18:c9:d9:c0:b7:db:d4:f7:e1:54:b6:e4:e5:a8: > c7:78:1f:47:f1:09:a6:fe:b5:08:c5:75:84:c5:26: > 6d:c9:d2:9c:86:2d:09:3b:7e:10:ee:c6:21:fe:c1: > b1:6c:f8:84:6c:e4:9f:92:29:46:9c:98:d6:9e:60: > 39:b9:35:6c:2c:85:11:75:6b:e1:92:64:81:43:6e: > cc:57:c5:eb:bd:a5:d3:40:99:d5:d0:db:6a:f0:51: > 52:ed:72:31:c4:8a:06:19:d7:d4:1b:3b:d7:fc:a7: > c4:25:b0:54:a0:10:c3:f5:0a:7b:25:36:95:84:b4: > a4:85:66:9c:5c:93:af:ab:0a:6f:76:12:57:ed:b5: > e3:09:93:a6:a3:3c:cc:f7:2e:83:25:1b:d2:3c:46: > 36:3b:0d:17:87:84:dd:2e:88:7a:bb:ad:9d:5f:62: > 78:68:d2:46:8f:21:08:53:ba:20:c0:15:28:7b:9a: > f7:82:5d:27:46:0c:0f:5e:48:0e:f2:75:0b:22:98: > 32:c6:e7:b3:21:3b:a1:e6:1b:f0:63:e2:6a:b6:ff: > 94:d7:09:52:be:38:d0:a5:96:f6:1f:bb:b5:9f:11: > 2b:ab:1d:39:dc:88:d5:ae:79:f3:9f:8c:72:5c:6c: > b7:a1:51:62:af:69:2e:b4:ad:85:23:85:a0:7f:6d: > 69:18:86:bd:07:f2:25:e2:4b:db:af:32:d0:bf:c7: > a2:32:1f:7a:c9:bc:74:11:1c:a7:fb:99:5c:33:9b: > 98:9a:fc:94:e3:40:2f:47:a6:b0:1f:28:23:4f:66: > 3e:e6:84:47:8c:ed:f9:d0:8f:a6:b0:b5:37:77:91: > bd:7d:cb:c0:f4:6e:07:e3:a2:c1:2e:16:1d:60:46: > b9:66:6b:59:f8:83:91:17:21:20:ce:58:a6:a9:5b: > fa:32:e6:47:32:b9:e5:5d:11:a0:d0:22:1e:2c:79: > 42:d9:e4:99:55:6c:3d:9d:b2:94:7d:b9:09:7b:e2: > 85:a5:bc:87:9e:50:2f:09:08:f9:f9:fd:0e:95:bb: > 35:6d:f5:10:b7:81:e5:92:79:e5:23:55:48:7f:ce: > 3f:cd:5f:4a:68:1f:33:25:7b:06:07:f1:74:76:de: > 32:2e:89:10:0f:53:97:85:c7:c5:8a:e1:1a:8b:d7: > 56:3b:d6:ab:07:a7:aa:e8:94:06:ba:ba:23:a5:87: > f1:e1:fd:a6:2b:d0:63:54:f6:68:c2:be:d3:1a:d2: > eb:6c:28:65:dd:c3:97:cb:23:d2:9e:f7:49:3e:da: > 50:bf:98:0b:ec:96:50:9d:c4:4c:e7:81:05:ff:8c: > 9a:ea:29 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Subject Key Identifier: > 31:18:EA:B2:10:C7:11:64:D6:5E:39:91:91:BE:D6:A4:10:24:9D:69 > X509v3 Authority Key Identifier: > 31:18:EA:B2:10:C7:11:64:D6:5E:39:91:91:BE:D6:A4:10:24:9D:69 > X509v3 Basic Constraints: critical > CA:TRUE > Signature Algorithm: sha256WithRSAEncryption > Signature Value: > 37:76:7a:0c:12:d2:37:91:5a:8f:5a:20:34:bb:f5:3e:cc:f8: > a3:e8:53:85:d8:99:2a:76:17:c5:e5:ae:fe:17:c9:f6:a1:ab: > 15:4b:23:d8:84:f3:97:b8:c3:6c:30:1e:9f:2f:e3:3c:40:44: > 5c:99:d3:d0:1b:47:fc:20:20:82:7c:58:61:d7:5e:fd:f4:73: > da:a6:a1:65:e9:f9:48:b1:6f:9a:85:c6:fa:58:0e:39:78:2f: > dd:dd:ff:ad:23:b7:df:fe:c0:a6:33:f2:25:ca:a5:2e:d9:99: > 65:bb:6f:dc:cc:1f:23:07:99:87:fc:02:4b:fa:b6:25:34:56: > c2:1a:2b:f2:04:8d:82:1f:d3:8c:46:32:0f:9b:32:31:b3:b5: > d2:87:50:5e:13:f6:10:80:d2:d4:bc:b2:96:db:db:f1:c2:3a: > f7:9c:a4:04:59:3a:db:a8:6f:f5:f0:46:7e:00:20:b9:6c:4e: > f6:49:05:20:97:3d:73:6c:c2:2b:d6:c2:70:ea:46:cf:60:9f: > c3:82:46:cc:ab:e0:c0:cb:b4:e5:62:72:d4:28:77:56:e9:97: > ea:bc:d1:40:89:20:75:86:5f:1e:06:cc:d5:0f:49:dc:3a:cc: > fe:70:32:a1:9a:d2:ab:e4:30:f4:34:5b:cc:93:02:00:26:68: > 71:85:93:86:f7:d3:9d:91:c7:fb:21:e3:13:bd:8f:8c:05:f7: > da:5f:8d:88:68:37:c0:5f:bc:62:94:96:bc:b3:8d:b3:d3:0d: > 5a:47:00:a3:97:69:6b:27:d4:56:ff:c2:6c:ac:97:61:60:67: > d3:59:dc:44:39:b0:4f:60:45:2b:0e:fc:2e:ce:a0:c0:93:4d: > 69:f9:8b:77:15:76:0d:b3:5b:e8:a2:5a:c5:a6:55:2e:74:d8: > 46:74:16:30:26:2c:9f:6d:49:06:1a:e4:d1:63:06:f4:be:dd: > b0:5e:b5:c1:61:d8:3f:89:e4:96:66:bf:6d:d5:14:61:60:87: > 32:31:61:ef:47:8a:53:61:42:35:df:d1:e0:a4:46:c6:97:ac: > 43:06:c5:a3:bb:d0:a0:18:2a:e3:6b:6d:b5:c7:5c:19:31:ff: > 66:f7:31:71:0f:eb:6d:db:33:f5:fe:90:bf:db:96:f7:02:60: > 97:98:89:c5:dc:5f:80:74:6e:6b:67:ec:8b:33:1e:f2:63:05: > 20:ee:eb:6d:2f:40:c0:2d:5a:49:8e:90:80:8b:f6:10:7d:90: > e2:ea:72:33:90:ab:1f:76:07:41:29:3e:da:e0:58:b6:dc:81: > 66:e1:f6:f2:0f:99:2a:71:50:bf:c2:0f:50:ab:b7:50:3b:55: > 50:7d:eb:ba:73:2d:bb:8e > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110130): https://edk2.groups.io/g/devel/message/110130 Mute This Topic: https://groups.io/mt/102201552/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-