Server certificate authority is already trusted

Quick hi… its been a while since my last post… and are starting to get back into it again

One thing that I would like to understand is the following message that happens when I run the following command


Server certificate authority is already trusted. Are you sure you want to provide an additional CA [Y/N]: y

From memory… I don’t believe this happened when I first setup OpenZiti… so its probably related to something I have done my side.

Any insights on how to stop this message from appearing… or at least how to identify where the second CA is located.


when you run ziti edge login (the command zitiLogin executes), it’ll save/cache the certificates from the controller for you. you probably refreshed your environment and they changed is my guess?

You can inspect this location if you ran the quickstart: $ZITI_HOME/ziti-cli.json and have ZITI_HOME configured. Else look in $HOME/.config/ziti/ziti-cli.json

You can almost certainly safely ignore this issue. If you can reproduce it though, do provide the steps and I’ll comment again as needed

Interesting… I just archived the ziti-cli.json file… and rerun zitiLogin… and received the same message.

I also inspected the ziti-cli.json file and only noticed one CA.

Is there anything else that I can check?

It’s not a known issue at the moment and with the current steps to reproduce I’m not sure there’s enough info for me to really understand what is happening. I’ll see if I can poke around and replicate.

Its probably something I have done to my machine… I remember that when I created a certificate authority… I needed to copy the CA cert to the following directory.

update-ca-trust enable;

Maybe this is what is confusing it…