Had a few questions lately about iPXE’s HTTP(S) support and what’s supported and not. First of I saw a customer who had set up a new HTTP only DP and distributed ALL his packages to that in order to use our 2PXE Server. As I pointed out to him, that aint needed, only the boot images needs to be on the HTTP DP. All the rest of the packages can be on a HTTPS mode DP, as they will be accessed from WinPE over HTTPS.
Ok, so some people have thought that is a bit of pain in the ass to set this up just to get booting. So what are we doing about this?
iPXE and HTTPS works today, just use a generic certificate that is trusted. The real problem is with ConfigMgr that requires not only HTTPS, but a client cert to be present in order to authenticate, also known as a Client Certificate. Not a technical issue but currently it requires you to create and build your own iPXE binary per certificate being used.
When all of this is in place the process will then be:
2. HTTPS back to the 2PXE server to get the right client cert.
3. HTTPS back to the DP to get the boot image.
//2Pint Software in Italia working of laptop as all HW is unplugged due to severe T-Storms.