Help. I am trying to simulate ZAC using POSTMAN (I have not actually installed ZAC, but I understand the problem is the same). Through the article at
, I only saw "If you have used the Local - With Docker quickstart to start the network you can copy the certificates generated when the controller started." I did not see how to generate the corresponding certificates if I do not use the Docker quickstart. Could you please tell me how to manually generate certificates suitable for ZAC?
Additionally, I used the command
    source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/ziti-cli-functions.sh)"; expressInstall
to quickly install ziti on Ubuntu. Is there a ready-made certificate available for ZAC to use?
Hi @KerwinKoo. I would probably recommend you do the following;
- make a new identity that's an administrator:
    ziti edge create identity myadmin --admin -o myadmin.jwt
- enroll the identity so that it generates a key and cert:
    ziti edge enroll myadmin.jwt
- use the ziti cli to unwrap that identity to get discrete key/cert/ca files;
    ziti ops unwrap myadmin.json
- the files come with file mode 000 on them so make them usable by your user
    chmod 700 myadmin.*
- use those unwrapped files for connections - for example with curl:
    curl -s \
      --cert myadmin.cert \
      --key myadmin.key \
      --cacert myadmin.ca \
      -X POST "https://localhost:8441/edge/management/v1/authenticate?method=cert" \
      | jq -r .data.token
- use the token that comes back in subsequent requests along with the cert/key/ca
    token="39734f04-9687-48de-acff-6663d31dc122"
    curl -s \
      --cert myadmin.cert \
      --key myadmin.key \
      --cacert myadmin.ca \
      -H "zt-session:$token" \
      -X GET https://localhost:8441/edge/management/v1/identities \
      | jq '.data[]'
That give you enough to go on? I think it should but if not let me know...
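The same certificate-then-token flow driven from a script instead of curl, as an added example that is not part of the original post or of the OpenZiti project. It uses Python's standard library in place of curl, takes the file names, URL and zt-session header from the steps above, and its function names are hypothetical. It also refuses to load a private key that group or other can access.

```python
import json
import os
import ssl
import stat
import urllib.request

# Values taken from the steps above; adjust to your controller and file names.
BASE = "https://localhost:8441/edge/management/v1"
CERT, KEY, CA = "myadmin.cert", "myadmin.key", "myadmin.ca"

def key_mode_is_private(mode):
    """True when a file mode grants nothing to group or other."""
    return stat.S_IMODE(mode) & 0o077 == 0

def mtls_context(cert=CERT, key=KEY, ca=CA):
    """TLS context that trusts only the unwrapped CA and presents the admin cert."""
    if not key_mode_is_private(os.stat(key).st_mode):
        raise PermissionError(f"{key} is accessible to group/other; tighten its mode")
    ctx = ssl.create_default_context(cafile=ca)  # cafile given: system CAs are not loaded
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx

def auth_request(base=BASE):
    """POST with no body, like the curl call: the client certificate is the credential."""
    return urllib.request.Request(f"{base}/authenticate?method=cert", method="POST")

def session_request(path, token, base=BASE):
    """GET that carries the API session token in the zt-session header."""
    return urllib.request.Request(f"{base}{path}", headers={"zt-session": token})

def extract_token(body):
    """Pull data.token out of the authenticate response; fail loudly if it is absent."""
    token = (json.loads(body).get("data") or {}).get("token")
    if not token:
        raise ValueError("authenticate response has no data.token")
    return token

def call(req, ctx):
    """Send one request over the mutual-TLS context and return the raw body."""
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()

if __name__ == "__main__":
    ctx = mtls_context()
    token = extract_token(call(auth_request(), ctx))
    for identity in json.loads(call(session_request("/identities", token), ctx))["data"]:
        print(identity.get("id"), identity.get("name"))
```

In Postman the equivalent is to register the cert/key pair as a client certificate for the controller host, add the CA file, and send the returned token in a zt-session header.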
Great, it works. Thank you very much!