[GH-ISSUE #1605] Please add ca-netboot-xyz.crt to version management #2072

New issue

Open

opened 2026-03-01 18:38:18 +03:00 by kerem · 0 comments

kerem commented 2026-03-01 18:38:18 +03:00

Owner

Copy link

Originally created by @zhangyoufu on GitHub (Apr 3, 2025).
Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1605

Is your feature request related to a problem? Please describe.
The ca-netboot-xyz.crt is the trust anchor for this project. It is resonable to check https://boot.netboot.xyz/sigs/menu.ipxe.sig against this CA cert before chainloading. I am not aware where I can find this CA certificate, except extracting it from .sig files.

Describe the solution you'd like
Add ca-netboot-xyz.crt and codesign.crt into this repo, so that whoever interested in chain of trust could find and consume them more easily.

Describe alternatives you've considered
Something like https://ca.ipxe.org ? netboot.xyz does not cross-sign WebPKI root CAs, so may be too heavy.
But make the CA cert available via http/https URL is still helpful.

Additional context
ca-netboot-xyz.crt is about to expire on Jan 28 16:37:31 2026 GMT. Could you please schedule a rotation and annouce it?

Originally created by @zhangyoufu on GitHub (Apr 3, 2025). Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1605 **Is your feature request related to a problem? Please describe.** The `ca-netboot-xyz.crt` is the trust anchor for this project. It is resonable to check `https://boot.netboot.xyz/sigs/menu.ipxe.sig` against this CA cert before chainloading. I am not aware where I can find this CA certificate, except extracting it from .sig files. **Describe the solution you'd like** Add `ca-netboot-xyz.crt` and `codesign.crt` into this repo, so that whoever interested in chain of trust could find and consume them more easily. **Describe alternatives you've considered** Something like https://ca.ipxe.org ? netboot.xyz does not cross-sign WebPKI root CAs, so may be too heavy. But make the CA cert available via http/https URL is still helpful. **Additional context** `ca-netboot-xyz.crt` is about to expire on `Jan 28 16:37:31 2026 GMT`. Could you please schedule a rotation and annouce it?

kerem added the

enhancement

label 2026-03-01 18:38:18 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

add-ubuntu-26.04

renovate/ansible-13.x

master

RC

changelog/3.0.1

feat/enable-rolling-builds

feat/secureboot-shim-devuan-kali

feature/secureboot-release-artifacts

copilot/sub-pr-1738

claude/issue-1703-20251117-0231

claude/issue-1703-20251117-0226

claude/issue-1703-20251117-0220

copilot/add-regex-manager-for-workflow-files

copilot/update-install-dependencies-step

copilot/fix-6503c0f7-4459-4828-8fe9-0b7f297ed932

claude/issue-1672-20250912-0331

testing

kairos_support

test

antonym/add-mac-pass

3.0.1

3.0.1-RC

3.0.0

3.0.0-RC

2.0.89

2.0.89-RC

2.0.88-RC

2.0.88

2.0.87-RC

2.0.87

2.0.86

2.0.86-RC

2.0.85

2.0.85-RC

2.0.84

2.0.84-RC

2.0.83

2.0.83-RC

2.0.82-RC

2.0.82

2.0.81-RC

2.0.81

2.0.80

2.0.80-RC

2.0.79

2.0.79-RC

2.0.78

2.0.78-RC

2.0.77-RC

2.0.77

2.0.76

2.0.76-RC

2.0.75

2.0.75-RC

2.0.74

2.0.74-RC

2.0.73

2.0.73-RC

2.0.72

2.0.72-RC

2.0.71

2.0.71-RC

2.0.70

2.0.70-RC

2.0.69

2.0.69-RC

2.0.68

2.0.68-RC

2.0.67

2.0.67-RC

2.0.66

2.0.66-RC

2.0.65

2.0.65-RC

2.0.64

2.0.64-RC

2.0.63

2.0.63-RC

2.0.62

2.0.62-RC

2.0.61

2.0.61-RC

2.0.60

2.0.60-RC

2.0.59

2.0.59-RC

2.0.58

2.0.58-RC

2.0.57

2.0.57-RC

2.0.56

2.0.56-RC

2.0.55

2.0.55-RC

2.0.54

2.0.54-RC

2.0.53

2.0.53-RC

2.0.52

2.0.52-RC

2.0.51

2.0.51-RC

2.0.50

2.0.50-RC

2.0.49

2.0.49-RC

2.0.48

2.0.48-RC

2.0.47

2.0.47-RC

2.0.46

2.0.46-RC

2.0.45

2.0.45-RC

2.0.44

2.0.44-RC

2.0.43

2.0.43-RC

2.0.42

2.0.42-RC

2.0.41

2.0.41-RC

2.0.40

2.0.40-RC

2.0.39

2.0.39-RC

2.0.38

2.0.38-RC

2.0.37

2.0.37-RC

2.0.36

2.0.36-RC

2.0.35

2.0.35-RC

2.0.34

2.0.34-RC

2.0.33

2.0.33-RC

2.0.32

2.0.32-RC

2.0.31

2.0.31-RC

2.0.30

2.0.30-RC

2.0.29

2.0.29-RC

2.0.28

2.0.28-RC

2.0.27

2.0.27-RC

2.0.26

2.0.26-RC

2.0.25

2.0.25-RC5LI

2.0.25-RC

2.0.24

2.0.24-RC

2.0.23

2.0.23-RC

2.0.22

2.0.22-RC

2.0.21

2.0.21-RC

2.0.20

2.0.20-RC

2.0.19

2.0.19-RC

2.0.18

2.0.18-RC

2.0.17

2.0.17-RC

2.0.16

2.0.16-RC

2.0.15

2.0.15-RC

2.0.14

2.0.14-RCZQD

2.0.14-RC

2.0.13

2.0.13-RC17N

2.0.13-RC

2.0.12

2.0.12-RC

2.0.11

2.0.10

2.0.10-RC

2.0.9

2.0.9-RC2N0

2.0.9-RC

2.0.8

2.0.8-RC

2.0.7

2.0.7-RC

2.0.6

2.0.6-R1-RC

2.0.6-RC

2.0.5

2.0.5-RC

2.0.4

2.0.4-RC

2.0.3

2.0.3-RC

2.0.2

2.0.2-RC

2.0.1

2.0.1-RC

2.0.0

2.0.0-RC

1.9.91-RC

1.9.9

1.9.9-RC

1.9.8-RC

1.0.0

1.9.7-RC

Labels

Clear labels   

Hacktoberfest

  

Hacktoberfest

  

bootloader

  

bsd

  

bug

  

confirmed

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

eol

  

experimental-merged

  

freebsd

  

help wanted

  

invalid

  

investigate

  

ipxe

  

linux

  

live-os

  

memdisk

  

menu

  

no-issue-activity

  

no-issue-activity

  

pull-request

Mirrored from GitHub Pull Request

  

released

  

todo

  

upstream

  

windows

  

windows

  

work-in-progress

No labels

Hacktoberfest

Hacktoberfest

bootloader

bsd

bug

confirmed

documentation

duplicate

enhancement

enhancement

enhancement

eol

experimental-merged

freebsd

help wanted

invalid

investigate

ipxe

linux

live-os

memdisk

menu

no-issue-activity

no-issue-activity

pull-request

released

todo

upstream

windows

windows

work-in-progress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/netboot.xyz#2072

No description provided.