Thank you Paul, that’s very helpful.
When upgrading to 1.1.6, the trust domain was introduced. Does that mean that I need to create new certificates for each controller/router but also need to exchange every identity with one that’s been created after the upgrade?
This answer says I would only need to define one in the config files however the docs say
- The controller client and server certificates must contain a SPIFFE ID.
Or does Ziti >1.1.6 only require a trust domain set but now necessarily embedded into the certs?