Manage certificates


  certstore [--subject <subject>] [--keep] [<uri>]


Download a certificate to the certificate store


Download a certificate chain to the certificate store



Add the specified certificates to the certificate store. If a URI is specified, then it will be downloaded and treated as a PEM or DER-encoded certificate file. The certificate file will be discarded after extracting the certificates unless the --keep option is specified. If a subject name is specified, then only certificates matching the specified name will be added to the certificate store.

Command status

Success All specified certificates were successfully added to the store
Failure Some certificates were not successfully added to the store

See also

Build options

This command is available only when the build option CERT_CMD is enabled.


The --subject option will match against the certificate's Common Name and any Subject Alternative Names, if present.

Downloaded certificates will be marked as [EXPLICIT] in the output of the certstat command.

Certificate files may include multiple PEM-encoded certificates.

You can use certstore as a manual alternative to the crosscert mechanism, by explicitly downloading the required cross-signed certificate chain. For example:


This can be useful if you are operating on a network without access to, since you can use certstore to download a local copy of the certificate chain.

cmd/certstore.txt ยท Last modified: 2016/08/31 18:39 by mcb30
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL
References to "iPXE" may not be altered or removed.