Ziti command to interact with Let's Encrypt

ziti pki le

This is pretty cool... just found this :slight_smile:

To be clear - this interacts with your local PKI, not with Let's Encrypt (yet). When you run ziti pki (like the quick start script does), you have the ability to create an entire PKI, but it's not Let's Encrypt. It's a local PKI, generated locally.

It's a minor difference but it's important. Let's Encrypt's certificates are able to be validated in all major operating systems because the operating systems ship the "Root CA" in the operating system.

This is not the case for the PKI you generate using ziti pki. That certificate chain will terminate with a “self-signed” certificate, one which you create, and one which is not distributed with operating systems.

Anyone reading this should read about the differences of "self-signed certificates" on the internet. It's a complex topic, I can't cover it all here :slight_smile:
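The trust difference described in the reply above, as an added example that is not part of the original thread and is not OpenZiti's code: plain `openssl` stands in for the PKI that `ziti pki` generates, and every name and path in it is constructed for the demo. It builds a self-signed root plus one leaf, then checks the leaf against the default trust store and against the explicitly supplied root.

```shell
#!/usr/bin/env bash
# Added example. openssl stands in for a locally generated PKI; the names
# "Demo Local Root CA" and "controller.example.test" are constructed.

make_local_pki() {  # $1 = output dir: self-signed root + one leaf signed by it
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Local Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=controller.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/leaf.crt" 2>/dev/null
}

is_self_signed() {  # issuer equals subject, and the cert verifies under itself
  subj=$(openssl x509 -in "$1" -noout -subject) || return 1
  issr=$(openssl x509 -in "$1" -noout -issuer) || return 1
  [ "${subj#subject}" = "${issr#issuer}" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

trusted_by_os() {  # verify against the default trust store only
  openssl verify "$1" >/dev/null 2>&1
}

trusted_with_root() {  # $1 = root trusted explicitly, $2 = cert to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

PKI_DIR=$(mktemp -d)
make_local_pki "$PKI_DIR"
is_self_signed "$PKI_DIR/root.crt" && echo "root: self-signed"
trusted_by_os "$PKI_DIR/leaf.crt" || echo "leaf: not trusted by the default store"
trusted_with_root "$PKI_DIR/root.crt" "$PKI_DIR/leaf.crt" &&
  echo "leaf: trusted once the local root is supplied"
```

Clients of a locally generated PKI need that root distributed to them out of band; nothing in the operating system will vouch for it.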

Thanks for the note!
