Hi @k1nty, welcome to the community and hello from Reddit! You seem to be attacking much of OpenZiti quickly, nice!
Your post is long and has a few things for me to address; I'll try to catch them all...
I can confirm this is a ZAC bug. I had the same problem. (@rgalletto fyi, this breaks ZAC's 3rd party CA verification). The "easy" workaround is to use the ziti CLI. The "TOKEN" field is what you want/need to copy to move forward:
ziti edge list cas
╭────────────────────────┬───────────────┬───────┬────────────┬─────────────┬───────────────────────────────────────────────────────────────╮
│ ID                     │ NAME          │ FLAGS │ TOKEN      │ FINGERPRINT │ CONFIGURATION                                                 │
├────────────────────────┼───────────────┼───────┼────────────┼─────────────┼───────────────┬──────────────────────┬────────────────────────┤
│ 6yoA2Xup2pQNv8KsPmCAmv │ new_ca_182739 │ [OE]  │ d-iYxevxd  │ -           │ AutoCA        │ Identity Name Format │ [caName]-[commonName]  │
│                        │               │       │            │             │               ├──────────────────────┼────────────────────────┤
│                        │               │       │            │             │               │ Identity Roles       │                        │
╰────────────────────────┴───────────────┴───────┴────────────┴─────────────┴───────────────┴──────────────────────┴────────────────────────╯
results: 1-1 of 1
Flags: (V) Verified, (A) AutoCa Enrollment, (O) OttCA Enrollment, (E) Authentication Enabled
The instructions in the video are old too, using older variables. You can 'fix' the missing variable by setting one var:
export ZITI_EDGE_CTRL_ADVERTISED="${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}:${ZITI_CTRL_EDGE_ADVERTISED_PORT}"
After that, you should be able to run the curl commands shown in the description of the video and you can avoid using ZAC for this bit. You also need to be on the lookout for &gt; in commands if you copy from the notes of the video. They need to be converted to >, as in this command where I had to change &gt; (I think there are a few of these to be on the lookout for):
curl -sk https://${ZITI_EDGE_CTRL_ADVERTISED}/.well-known/est/cacerts > ${ZITI_PKI}/fetched-ca-certs.p7
Do note that at this time, the Ziti Desktop Edge for Windows (or Mac) does not 'natively' support enrolling 3rd party CA identities; only the ziti CLI or ziti-edge-tunnel should support them, there just isn't any UI support yet. You can use them but you can't enroll them yet. You will have to add the identity manually after enrolling to C:\Windows\System32\config\systemprofile\AppData\Roaming\NetFoundry and then restart the ZDEW using the big green button on the UI (or net stop ziti & net start ziti).
You should never need to uninstall/reinstall the software either, fwiw. If you find yourself doing that, please just throw up a discourse post and we'll get you an answer asap...
I think I'll stop here and let you reply. Hopefully that gets you moving along again. I'll be offline all weekend but I may check in from time to time. If someone else sees your response and can help, I'm sure they will.
Cheers
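An added example, not from the post above and not OpenZiti's own code: a small POSIX shell function that pulls the TOKEN column for a named CA out of the box-drawing table that "ziti edge list cas" prints, so the enrollment token can be captured in a script instead of copied by hand from ZAC. The sample table is constructed from the output shown above, and the function name is my own.

```shell
#!/bin/sh
# Added example (not from the post or from OpenZiti). Parses the table layout
# that `ziti edge list cas` prints and returns the TOKEN for one CA name.
# Where the CLI offers JSON output that is the better route; this handles the
# plain table shown in the post.

# Constructed sample, copied from the table in the post above.
SAMPLE_CAS_TABLE='╭────────────────────────┬───────────────┬───────┬────────────┬─────────────┬───────────────────────────────────────────────────────────────╮
│ ID                     │ NAME          │ FLAGS │ TOKEN      │ FINGERPRINT │ CONFIGURATION                                                 │
├────────────────────────┼───────────────┼───────┼────────────┼─────────────┼───────────────┬──────────────────────┬────────────────────────┤
│ 6yoA2Xup2pQNv8KsPmCAmv │ new_ca_182739 │ [OE]  │ d-iYxevxd  │ -           │ AutoCA        │ Identity Name Format │ [caName]-[commonName]  │
│                        │               │       │            │             │               ├──────────────────────┼────────────────────────┤
│                        │               │       │            │             │               │ Identity Roles       │                        │
╰────────────────────────┴───────────────┴───────┴────────────┴─────────────┴───────────────┴──────────────────────┴────────────────────────╯
results: 1-1 of 1
Flags: (V) Verified, (A) AutoCa Enrollment, (O) OttCA Enrollment, (E) Authentication Enabled'

# ca_token_from_table TABLE_TEXT CA_NAME
#   Prints the TOKEN of the row whose NAME equals CA_NAME; exit 1 if no such row.
#   Header, border and continuation rows are skipped because their NAME column
#   is either the literal "NAME" or blank.
ca_token_from_table() {
  printf '%s\n' "$1" | sed 's/│/|/g' | awk -F'|' -v want="$2" '
    /^\|/ {
      name = $3; gsub(/^ +| +$/, "", name)   # trim the NAME cell
      tok  = $5; gsub(/^ +| +$/, "", tok)    # trim the TOKEN cell
      if (name == want && tok != "") { print tok; found = 1; exit }
    }
    END { exit(found ? 0 : 1) }'
}

# Usage on the constructed sample; on a live controller pass "$(ziti edge list cas)".
ca_token_from_table "$SAMPLE_CAS_TABLE" new_ca_182739 \
  || echo "no CA named new_ca_182739" >&2
```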