You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There seems to be a flaw in the logic that determines whether a bundle exists in the CA.
# this fails expectedly because server.key does not yet exist, so let's create it in the next step
❯ ziti pki create server \
--pki-root pki \
--ca-name intermediate \
--key-file server \
--server-file server \
--dns ziti.example.com
Using CA name: intermediate
error: cannot sign: failed fetching private key: failed fetching bundle intermediate within CA server: failed reading pki/intermediate/keys/server.key: open pki/intermediate/keys/server.key: no such file or directory
# create server.key
❯ ziti pki create key \
--pki-root pki \
--ca-name intermediate \
--key-file server
Using CA name: intermediate
Success
# now server.key exists, but server.cert does not exist yet, so it shouldn't be a "bundle exists" error
❯ tree pki
pki
├── intermediate
│ ├── certs
│ │ ├── intermediate.cert
│ │ └── intermediate.chain.pem
│ ├── crlnumber
│ ├── crls
│ ├── index.txt
│ ├── index.txt.attr
│ ├── keys
│ │ ├── intermediate.key
│ │ └── server.key
│ └── serial
└── root
├── certs
│ ├── intermediate.cert
│ └── root.cert
├── crlnumber
├── crls
├── index.txt
├── index.txt.attr
├── keys
│ ├── intermediate.key
│ └── root.key
└── serial
8 directories, 16 files
# try to use server.key, but it always fails unless --allow-overwrite, which I don't want to use unless I'm intending to clobber the cert
❯ ziti pki create server \
--pki-root ./pki \
--ca-name intermediate \
--key-file server \
--server-file server \
--dns ziti.example.com
Using CA name: intermediate
error: cannot sign: failed saving generated bundle: a bundle already exists for the name server within CA intermediate
❯ ziti --version
v0.34.2
The text was updated successfully, but these errors were encountered:
There seems to be a flaw in the logic that determines whether a bundle exists in the CA.
The text was updated successfully, but these errors were encountered: