iPXE - Installation Media - https support - S3 - Red Hat - Host boot disk image

Thanks in advance for any pointer or help with this.

I am trying to host the RHEL repos on S3 compatible storage and I only have https access to it.

Normally iPXE is only setup for http, but it sounds like it can support https.

When I setup the https Installation Media it seems to work just fine, but when I use the host disk image and iPXE I get a message:
Could not start download: Operation not supported (http://ipxe.org/3c092003)
And that is because I am using https instead of http.

I think I am getting the iPXE files from:
ipxe-bootimgs-20170123-1.git4e85b27.el7_4.1.noarch

I am not sure which files I am really using?
/usr/share/ipxe/ipxe.dsk
/usr/share/ipxe/ipxe.efi
/usr/share/ipxe/ipxe.iso
/usr/share/ipxe/ipxe.lkrn
/usr/share/ipxe/ipxe.usb
/usr/share/ipxe/undionly.kpxe

This talks about the use of https:
http://ipxe.org/crypto

I am thinking some of the above files become part of the host disk image and that if I changed them it would work with https.

Does this sound like it is possible to do?

Thanks!
Jerry

Bootdisk takes iPXE image (lkrn file) and puts that into the image. You want to rebuild lkrn from scratch putting your CA certificate into the lkrn file if you want to use HTTPS. There is no support in Bootdisk for that.

Red Hat fellow sent some patches upstream to relax CA cert verification and to be also able to supply CA cert fingerprint in ipxe script file itself.

http://lists.ipxe.org/pipermail/ipxe-devel/2017-May/005620.html

It did not get review tho. So in the future there is hope Bootdisk will support that.

But keep in mind X509 implementation in iPXE is custom copy*paste implementation, I would not rely on it in highly-secure environments. Or do an audit at least.