Implementing external SSL certificates

Hi,

I want to implement our own SSL certificates from our public domain to the ziti server; however, I am not really getting anywhere.

We have a wildcard certificate for our domain which I want to implement instead of the self-signed https certificate.
I did these two commands during the installation:
ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/certs/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/keys/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.key" "${ZITI_HOME}/ziti-console/server.key"

If you could explain to me how to replace this certificate with a public one, I would greatly appreciate it!

Thanks :slight_smile:

First, you are highly encouraged to allow OpenZiti to manage its PKI. I'm sure you have a reason for not wanting to allow it to manage its own PKI, maybe you can explain why? I'm interested to understand why the self-signed/generated PKI is not viable for you and what's driving you to want to change the certificates out.

I think perhaps first starting there, before diving too deeply into this topic is a good start?

If you're interested, I did a Ziti TV on this topic a couple months ago. It might be worth watching, if interested: