Best Practices for Security
Create an Admin Identity
The default admin identity is initialized with a password. Store the password in a secure location and create a new admin identity for certificate authentication.
Create an admin2 identity for certificate authentication
ziti edge create identity admin2 --admin --jwt-output-file admin2.jwt
Copy the token to the admin device and enroll
ziti edge enroll admin2.jwt
Log in to https://ctrl.ziti.example.com:443 with an identity file
ziti edge login ctrl.ziti.example.com --file admin2.json
Certificate Authentication with the Console
Enroll an admin identity as shown above.
Unwrap the JSON file to obtain the certificate and private key.
ziti ops unwrap admin2.json
Correct the filemode for the certificate and private key.
chmod -c u+rw admin2.cert admin2.key
Compose a keystore from the certificate and private key.
openssl pkcs12 -export -in admin2.cert -inkey admin2.key -out admin2.p12 -name "admin2"
In your web browser, import the keystore into your client certificates.
Visit the console and click the login button without entering a password.
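A pre-flight check to run between correcting the filemode and composing the keystore, added here as an example and not part of the original page: it confirms that the private key is not accessible to group or other and that the certificate and key carry the same public key. The function names and the script's argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the unwrapped identity files.
# Usage (file names as on this page): sh preflight.sh admin2.cert admin2.key
# Function names are hypothetical; only standard ls, cut and openssl are used.

# Succeeds when the file grants no permissions to group or other.
key_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds when the certificate's public key equals the one derived
# from the private key, i.e. both files belong to the same identity.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs both checks, reports each failure, returns non-zero if any failed.
preflight() {
    cert=$1
    key=$2
    rc=0
    if ! key_is_private "$key"; then
        echo "FAIL: $key is accessible to group or other (chmod go-rwx)" >&2
        rc=1
    fi
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $cert and $key do not share a public key" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are ready for the keystore"
    return "$rc"
}

# Only act when called with a certificate and a key path.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

The resulting admin2.p12 also contains the private key, so the same permission check applies to it.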