Q:Generating Certificates for ZAC Without Using Docker Quickstart

Help. I am trying to simulate ZAC using POSTMAN (I have not actually installed ZAC, but I understand the problem is the same). Through the article at

, I only saw "If you have used the Local - With Docker quickstart to start the network you can copy the certificates generated when the controller started." I did not see how to generate the corresponding certificates if I do not use the Docker quickstart. Could you please tell me how to manually generate certificates suitable for ZAC?

Additionally, I used the command source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/ziti-cli-functions.sh); expressInstall" to quickly install ziti on Ubuntu, is there a ready-made certificate available for ZAC to use?

Hi @KerwinKoo. I would probably recommend you do the following;

  • make a new identity that's an administrator:

    ziti edge create identity myadmin --admin -o myadmin.jwt
    
  • enroll the identity so that it generates a key and cert:

    ziti edge enroll myadmin.jwt
    
  • use the ziti cli to unwrap that identity to get discrete key/cert/ca files;

    ziti ops unwrap myadmin.json
    
  • the files come with file mode 000 on them so make them usable by your user

    chmod 700 myadmin.*
    
  • use those unwrapped files for connections - for example with curl:

    curl -s \
        --cert myadmin.cert \
        --key myadmin.key \
        --cacert myadmin.ca \
        -X POST https://localhost:8441/edge/management/v1/authenticate?method=cert \
    	| jq -r .data.token
    
  • use the token that comes back in subsequent requests along with the cert/key/ca

    token="39734f04-9687-48de-acff-6663d31dc122"
    curl -s \
        --cert myadmin.cert \
        --key myadmin.key \
        --cacert myadmin.ca \
        -H "zt-session:$token" \
        -X GET https://localhost:8441/edge/management/v1/identities \
    	| jq .data[]
    

That give you enough to go on? I think it should but if not let me know...

Great, it works. Thank you very much!