Your command is a tiny bit off…
Can you issue a curl to get just the bundle? Assuming your install has the ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT env var set, you can just run:
curl -vk https://"${ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT}/.well-known/est/cacerts"
Then if that looks like ‘something’ (it should be a big chunk of JUST base64-encoded data, probably ending with one or more equals signs: =)…
Then try running (copy paste all three lines and run them as one command):
curl -vk https://"${ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT}/.well-known/est/cacerts" \
| openssl base64 -d \
| openssl pkcs7 -inform DER -outform PEM -print_certs -text
That should print all your certs in your CA bundle but output them as certificates… If you get certs, try running this:
curl -sk https://"${ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT}/.well-known/est/cacerts" \
| openssl base64 -d \
| openssl pkcs7 -inform DER -outform PEM -print_certs -text \
| grep 'Subject:'
I get output that looks like this:
Subject: C=US, L=Charlotte, O=NetFoundry, OU=ADV-DEV, CN=ip-172-31-45-134-signing-intermediate
Subject: C=US, L=Charlotte, O=NetFoundry, OU=ADV-DEV, CN=ip-172-31-45-134 server certificate
Subject: C=US, L=Charlotte, O=NetFoundry, OU=ADV-DEV, CN=ip-172-31-45-134-intermediate
Subject: C=US, L=Charlotte, O=NetFoundry, OU=ADV-DEV, CN=ip-172-31-45-134-signing-intermediate
Subject: C=US, L=Charlotte, O=NetFoundry, OU=ADV-DEV, CN=ec2-18-225-8-209.us-east-2.compute.amazonaws.com-intermediate
Subject: C=US, L=Charlotte, O=NetFoundry, OU=ADV-DEV, CN=ec2-18-225-8-209.us-east-2.compute.amazonaws.com-intermediate
If you get that far… Well, we can think about the NEXT step to try…
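
The same stages as the pipeline in the post (response body, base64 decode, PKCS#7 parse), with a check after each one so a failure says which stage broke. This is an added example, not part of the original post; `est_cacerts_subjects` and the file name `cacerts.b64` are hypothetical names, and `openssl` is assumed to be installed.

```shell
# Added example; est_cacerts_subjects is a hypothetical helper, not a ziti or openssl command.
# Usage with the endpoint from the post (curl -k skips TLS verification, so the
# output describes whatever that endpoint served, not a verified chain):
#   curl -sk "https://${ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT}/.well-known/est/cacerts" -o cacerts.b64
#   est_cacerts_subjects cacerts.b64
# Return codes: 0 ok, 2 empty body, 3 body is not base64, 4 decode failed,
# 5 decoded bytes are not a PKCS#7 bundle with certificates.
est_cacerts_subjects() {
  local body der subjects
  body="$1"
  [ -s "$body" ] || { echo "stage 1: empty response body" >&2; return 2; }
  # An HTML or JSON error page contains characters outside the base64 alphabet.
  if LC_ALL=C grep -q '[^A-Za-z0-9+/=[:space:]]' "$body"; then
    echo "stage 1: body is not plain base64" >&2
    return 3
  fi
  der="$(mktemp)" || return 1
  # openssl base64 -d can exit 0 with empty output, so check the size too.
  if ! openssl base64 -d -in "$body" -out "$der" 2>/dev/null || [ ! -s "$der" ]; then
    rm -f "$der"
    echo "stage 2: base64 decode produced nothing" >&2
    return 4
  fi
  subjects="$(openssl pkcs7 -inform DER -in "$der" -print_certs -text 2>/dev/null \
    | grep 'Subject:' || true)"
  rm -f "$der"
  if [ -z "$subjects" ]; then
    echo "stage 3: not a DER PKCS#7 bundle, or it holds no certificates" >&2
    return 5
  fi
  # One line per certificate, leading whitespace trimmed.
  printf '%s\n' "$subjects" | sed 's/^[[:space:]]*//'
}
```

A return code of 3 usually means the controller answered with an error page instead of the bundle; 5 means the body was base64 but not the expected PKCS#7 structure.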