Integrating OpenZiti with a Golang TLS server

Sorry @markamind, I again ran into another issue here, causing a panic like: config file (“$HOME/golang.http.server.json”) is not found
Is golang.http.server.json already specified? Thanks


All OK. It took me ages to work through things. I still have a few gaps. :slight_smile:

In this specific example, which I will write up soon, "golang.http.server" is an identity that I enrolled on a server.

When you create an identity, OpenZiti generates a JWT token that you use for enrolling the identity.

In this case, as the identity is used to represent the HTTP service, I moved it onto the server and used ziti edge enroll to enroll the identity.

This creates the JSON file in the same directory that you run it from.

When you inspect the contents of the JSON file, you will notice that it has the chain of certificates required for mutual TLS, i.e. after the server has confirmed that it is who it says it is via the certificate issued by the certificate authority, the client then confirms it is the real client using this chain of certificates in the JSON file.

As I am more of an app developer than a security admin technician, I have found this quite a bit to chew on for a while, but as you work through it all, it does all start to work together nicely.

I think in this specific example, I would encourage you to start really small.

Here is a download of my journey before I tackled a reverse proxy, which I am still working through because those certificates need to be set up correctly (which has taken me days to work through).


That's great though. I wondered how you generated that JSON file. Did you try with the ziti edge cmd?
Also in your summary you mentioned like

So, where can I find that file?

In the README file, I grabbed this below: GitHub - openziti/sdk-golang: Ziti SDK for Golang

Prerequisite: Ziti Enrollment token in JWT format (e.g. device.jwt)

Run enrollment process to generate SDK configuration file -- device.json

I am again confused here: do I need to set those up before I take the step ahead to run the application? If so, how can I generate those? Any links please?

The JSON file is created when you run the ziti edge enroll command.

When you do this, you need to pass in the JWT file.
The JWT file is created when you create an identity.

To create an identity, you have two options:

  1. via ziti command
  2. via ziti admin controller

Either is OK :)


If you are getting stuck, find some time to watch the videos on YouTube; they are very helpful.

Hi @afzal442. Welcome to the community!

@markamind has done a great job of giving you a ton of good info. Thanks @markamind !

An overlay network embracing zero trust principles, like OpenZiti, will be predicated on having a strong identity. You get that strong identity through a process called “enrollment”. The output of that process is often (not always) a json file that represents your strong identity. That’s the piece you’re missing.

You’ll also probably want to have TWO identities. One for your ‘client’, one for your ‘server’.

I’d suggest looking at the code in sdk-golang/exercises/http at main · openziti/sdk-golang · GitHub as @markamind references. It shows you examples of ‘before’ ziti and ‘after’ ziti. It doesn’t tell you how to get that json file though. For that you want to make an identity (or two) and enroll it. The enrollment doc should hopefully help you there.

Keep going - you’ll get it in no time!

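The thread makes three points that are easier to see in code: the enrolled JSON file carries the key, certificate and CA chain; the server proves itself through the CA-issued certificate and the client then proves itself through the same chain (mutual TLS); and you want one identity for the client and one for the server. The Go program below is an added example written for this page, not code from the OpenZiti project or from anyone in the thread. It assumes the identity file layout is `{"ztAPI": ..., "id": {"key": "pem:...", "cert": "pem:...", "ca": "pem:..."}}` (my understanding of what `ziti edge enroll` writes; treat that as an assumption), and `ConstructIdentities` mints a throwaway CA and two CA-signed leaves in that layout so the program runs offline, standing in for `ziti edge create identity` plus `ziti edge enroll`. The identity names and the placeholder `ztAPI` URL are made up. `TLSConfig` shows exactly what the JSON file gives a plain `net/http`-style TLS server or client, and `MutualTLS` runs one loopback handshake so you can see both the accept and the reject paths.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Identity mirrors the JSON that "ziti edge enroll" writes, as I understand it (an
// assumption, not copied from the SDK): controller URL plus key, cert and CA chain,
// each value prefixed "pem:" (inline PEM) or "file:" (a path).
type Identity struct {
	ZtAPI string `json:"ztAPI"`
	ID    struct {
		Key  string `json:"key"`
		Cert string `json:"cert"`
		CA   string `json:"ca"`
	} `json:"id"`
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// TLSConfig turns one identity file into a config usable on either side: present
// the identity's leaf, trust only the identity's CA for the peer, and as a server
// refuse any client that cannot chain to that CA. Only "pem:" values are handled;
// a "file:" value is left untouched and fails the PEM parse below.
func TLSConfig(raw []byte) (*tls.Config, error) {
	var id Identity
	if err := json.Unmarshal(raw, &id); err != nil {
		return nil, err
	}
	pemOf := func(v string) []byte { return []byte(strings.TrimPrefix(v, "pem:")) }
	leaf, err := tls.X509KeyPair(pemOf(id.ID.Cert), pemOf(id.ID.Key))
	if err != nil {
		return nil, fmt.Errorf("id.cert/id.key: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemOf(id.ID.CA)) {
		return nil, fmt.Errorf("id.ca: no PEM certificates found")
	}
	return &tls.Config{Certificates: []tls.Certificate{leaf}, RootCAs: pool, ClientCAs: pool,
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}, nil
}

// MutualTLS runs one handshake over loopback between a server identity and a
// client identity. It returns the client CN the server verified, or the error
// from whichever side rejected the other's chain.
func MutualTLS(serverJSON, clientJSON []byte, serverName string) (string, error) {
	srv, cli := must(TLSConfig(serverJSON)), must(TLSConfig(clientJSON))
	cli.ServerName = serverName // must match a SAN in the server's leaf
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	var peerCN string
	done := make(chan error, 1)
	go func() { // server side: accept one connection and complete the handshake
		c, err := ln.Accept()
		if err == nil {
			tc := tls.Server(c, srv)
			defer tc.Close()
			if err = tc.Handshake(); err == nil {
				peerCN = tc.ConnectionState().PeerCertificates[0].Subject.CommonName
			}
		}
		done <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cli)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if err := <-done; err != nil {
		return "", err
	}
	return peerCN, nil
}

// ConstructIdentities stands in for "ziti edge create identity" plus "ziti edge
// enroll": a throwaway CA signs one leaf per name and each is wrapped in the
// identity JSON. Constructed test data; the ztAPI URL is a placeholder.
func ConstructIdentities(names ...string) [][]byte {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER := must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))
	ca = must(x509.ParseCertificate(caDER))
	var out [][]byte
	for i, name := range names {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 2)), Subject: pkix.Name{CommonName: name},
			DNSNames: []string{name}, NotBefore: ca.NotBefore, NotAfter: ca.NotAfter,
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
		der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
		var id Identity
		id.ZtAPI = "https://ziti-controller.example.invalid:1280"
		id.ID.Cert = "pem:" + string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
		id.ID.Key = "pem:" + string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: must(x509.MarshalECPrivateKey(key))}))
		id.ID.CA = "pem:" + string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER}))
		out = append(out, must(json.Marshal(id)))
	}
	return out
}

func main() {
	ids := ConstructIdentities("golang.http.server", "golang.http.client")
	cn, err := MutualTLS(ids[0], ids[1], "golang.http.server")
	fmt.Println("server verified client CN:", cn, "err:", err)
}
```

The two things worth taking from this: the same CA pool is `ClientCAs` on the server and `RootCAs` on the client, which is why the thread calls the JSON "the chain of certificates required for mutual TLS"; and a client enrolled against a different CA (a second `ConstructIdentities` call) or a wrong `serverName` is refused at the handshake, before any HTTP bytes flow. With the real SDK you would not parse the file yourself: as I recall, `sdk-golang` loads it with `ziti.NewConfigFromFile` and the service listener comes from the Ziti context rather than from `net.Listen`; the stdlib path above is only to show what the file contains.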