Having an X.509 digital certificate ensures that both parties in an SSL connection are who they say they are.
To obtain a certificate for the PXE, create a Certificate Signing Request (CSR) and submit it to a certificate authority (CA). After the CA processes the information in the CSR, it provides you with an SSL certificate, which you must install on the PXE device.
Note: If you are using an SSL certificate that is part of a chain of certificates, each part of the chain is signed during the validation process.
Note: See Forcing HTTPS Encryption for instructions on forcing users to employ SSL when connecting to the PXE.
A CSR is not required in either of the following scenarios: