During image creation, Bottlerocket uses the pesigcheck utility to verify Secure Boot signatures on all signed artifacts. The signature validation is implemented via libnss.
The Bottlerocket SDK 0.43.0 release will move to NSS 3.101.
In NSS 3.101, lib::pkix was enabled as the default X.509 validator. This causes pesigcheck to fail with "Peer's Certificate issuer is not recognized," despite the CA issuer being provided to pesigcheck for the check.