From: jacopo.r00ta@gmail.com
To: jacopo.r00ta@gmail.com, devel@edk2.groups.io
Subject: Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate
Date: Thu, 26 Oct 2023 10:19:49 -0700
Message-ID: <19195.1698340789367540128@groups.io>
In-Reply-To: <19195.1698340491183979433@groups.io>

In order to install the certificate I did something very naive:

1) I deployed an OS to the machine
2) Stored rootCA.der under /boot/efi/EFI/BOOT/
3) Restarted the machine
4) Press F2 and install the certificate as it was available in the storage
5) Select HTTPS boot in the boot list.

My nginx server is pretty simple, and it's configured as

server {
    listen [::]:5248;
    listen 5248;

    server_name     192.168.120.1;
    ssl_certificate path_to_myip.crt;
    ssl_certificate_key path_to_myip.key;
    ssl_protocols   TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
