Creating certs for a remote private router

PS.. I know what causes the problem with scp for OCI. It's the command you added into the bash profile. This apparently mucks it up.. and errors.. once you comment this out.. it works as normal :slight_smile:

Interesting! Yes you’re right. Apparently the echo during the sourcing causes the issue. Now I want to understand why Ubuntu doesn’t seem to have that particular problem. :smiley: Thanks for pointing that out!


The Oracle Linux certainly has its points of difference :slight_smile:

Thanks for sharing these specific details.. I was not 100% sure about how to set this up..

I also remembered that I did not explain what I did to fix the command and how the zitiLogin was breaking. In my original post to @markamind I had neglected to use one special field which I thought I transcribed. All the certs, the client certs and the server certs, need to use the same key. In the original command I forgot to pass the --key-file parameter. I fixed that error above with the highlighted line:
image

This was the missing step. During the process I also discovered that I only gave him one of two needed commands (the controller pki) and forgot about the edge pki.


Slowly working through all of this… I have most things worked out now… and am working on rebuilding the server and router certificates

This has been a really valuable learning exercise.

I am not sure I follow this step. Is this one command? What does HERE mean?

Is this step making the chain.pem file for each of the certificates.. if so.. how does it make the file name?

My bash skills still need more work :slight_smile:

Just copy and paste the whole block and it’ll execute. Alternatively, just execute these commands:

# print the path of the CONTROLLER server cert chain:
find "$ZITI_HOME" -name "*${new_ctrl_cert_name}*chain.pem"

# print the path of the EDGE CONTROLLER server cert chain:
find "$ZITI_HOME" -name "*${new_edge_ctrl_cert_name}*chain.pem"

Then if you’re interested to learn more, look up and read about heredocs. It was an attempt to make it easier rather than harder - which seems to have failed! :slight_smile:


No.. no failure.. and in fact.. very helpful.. as it helps me learn more.

What is the meaning of the _server_cert identity property on a web bind point?

It’s an easy way to backup an entry in yaml or in json… just prepend it with an underscore so that the parser just kinda ignores it.

I often prepend the underscore like that so it’s easy to ‘undo’ if I need to.
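
To tie together the heredoc, the `find` lookup and the underscore backup discussed in this thread, here is an added example (not code from any of the posters or from the OpenZiti project). The directory layout, the cert name `ctrl-2024` and the function names are constructed for illustration; it refuses to emit config when the pattern matches zero or several chain files.

```bash
#!/usr/bin/env bash
# Added example. Paths, cert names and function names are constructed.

# Print the one *chain.pem under $1 whose file name contains $2.
# Returns non-zero on zero or multiple matches, so an ambiguous pattern
# never lands silently in the config.
find_chain() {
  local matches count
  matches=$(find "$1" -type f -name "*${2}*chain.pem" | sort)
  count=$(printf '%s' "$matches" | grep -c . || true)
  if [ "$count" -ne 1 ]; then
    echo "expected 1 chain.pem for '$2', found $count" >&2
    return 1
  fi
  printf '%s\n' "$matches"
}

# $1 = ziti home, $2 = new cert name, $3 = previous server_cert path.
# Everything between <<HERE and the closing HERE is fed to cat as input;
# ${...} is expanded by the shell before cat sees the text.
render_identity() {
  local chain
  chain=$(find_chain "$1" "$2") || return 1
  cat <<HERE
identity:
  server_cert: "${chain}"
  _server_cert: "${3}"
HERE
}

# Build a throwaway home with two constructed (empty) chain files.
make_sample_home() {
  local home
  home=$(mktemp -d)
  mkdir -p "$home/pki/certs"
  : > "$home/pki/certs/ctrl-2024-server.chain.pem"
  : > "$home/pki/certs/old-server.chain.pem"
  printf '%s\n' "$home"
}

ZITI_HOME=$(make_sample_home)
new_ctrl_cert_name="ctrl-2024"
render_identity "$ZITI_HOME" "$new_ctrl_cert_name" \
  "$ZITI_HOME/pki/certs/old-server.chain.pem"
rm -rf "$ZITI_HOME"
```

The file name is not created by the heredoc; `find` discovers an existing chain file and the heredoc only pastes that path into the text it prints.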