Difficulty of enrollment of a rourer

1

when i start router's enrollment i have an error concernin the CSR
root@test1:/# cat /tmp/tmp.iLZ5YqULNA
INFO: config file exists in /var/lib/private/ziti-router/config.yml
{"file":"github.com/openziti/ziti/router/env/config_edge.go:398","func":"github.com/openziti/ziti/router/env.(*EdgeConfig).loadCsr","level":"info","msg":"loaded csr info from configuration file at path [edge.csr]","time":"2025-05-08T14:57:49.647Z"}
{"file":"github.com/openziti/ziti/router/env/config_edge.go:159","func":"github.com/openziti/ziti/router/env.(*EdgeConfig).LoadEdgeConfigFromMap","level":"warning","msg":"Invalid heartbeat interval [0] (min: 60, max: 10), setting to default [60]","time":"2025-05-08T14:57:49.647Z"}
{"file":"github.com/openziti/ziti/ziti/enroll/enroll_edge_router.go:64","func":"github.com/openziti/ziti/ziti/enroll.(*enrollEdgeRouterAction).enrollEdgeRouter","level":"fatal","msg":"enrollment failure: (enrollment failed received HTTP status [400 Bad Request]: {"error":{"cause":{"code":"UNHANDLED","message":"csrPem must not be null or empty"},"code":"COULD_NOT_PROCESS_CSR","message":"The supplied csr could not be processed","requestId":"RKzELJiGI"},"meta":{"apiEnrollmentVersion":"0.0.1","apiVersion":"0.0.1"}}\n)","time":"2025-05-08T14:57:49.782Z"}
DEBUG: using config file: /var/lib/private/ziti-router/config.yml
DEBUG: preparing working directory: /var/lib/private/ziti-router
DEBUG: ZITI_ENROLL_TOKEN is defined in /opt/openziti/etc/router/bootstrap.env
DEBUG: using config: /var/lib/private/ziti-router/config.yml
Please someone have an idea about how to solve this problem?

2

edge:
csr:
country: US
province: NC
locality: Charlotte
organization: NetFoundry
organizationalUnit: Ziti
sans:
dns:
- localhost
- test1
ip:
- "127.0.0.1"
- "::1"
- "192.168.10.236"
enrollment:
token: /tmp/ziti_router.jwt
this is the CSR part of configuration part of router if it can be usefull

3

Is the JWT enrollment token of type "identity" or "router"?

With ZAC: Did you create the identity in the "Identities" tab or in the "Routers" tab?

With CLI: Did you ziti edge create identity ... or ziti edge create edge-router ...?

2 Likes
4

in fact i had create from the console and i had rather chosen identity but i rectified it's good now thanks

5

@frm, nicely done! I wouldn't have guessed that immediately but jolly good guess!!! :slight_smile: