Hi Laszlo,

If I generate the certificate like

openssl req -new -nodes -x509 -days 365 -keyout server.key -out server.crt -config config

it works perfectly fine (with the original configuration).

The problem stands with the *chain* of certificates, meaning that I have a root certificate (let's call it A) and sign another one for an IP (let's call it B). Then in the image server with such IP I set the certificate B, and in the VM I trust the certificate A. Unless I missed something, this scenario is not covered in https://listman.redhat.com/archives/edk2-devel-archive/2019-October/009601.html.

Could you confirm this is supposed to work?

Thank you very much for your time on this, I appreciate it!

Jacopo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110367): https://edk2.groups.io/g/devel/message/110367
Mute This Topic: https://groups.io/mt/102201552/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-