openziti / desktop-edge-win

Provides a Ziti client for Windows
Apache License 2.0

Natively import .pfx (PKCS #12) certificates #549

Open gooseleggs opened 1 year ago

gooseleggs commented 1 year ago

When creating certificates with a third-party CA, in this case MS Certificate Services, to export the certificate you need to export it in PKCS#12 format. However, to import the certificate into Ziti, you need to provide the key and cert file as two separate files. It would be nice to be able to import a .pfx file directly and specify either the password with a command line option, or prompt for it if it is missing.

This will mean that the certificate will remain 'safe' while in transit between the Windows CA and the client, i.e. a safe passage from export of the cert from the CA to Ziti client import.

It will also mean that you don't need to install OpenSSL to split the cert up and take the password off the key file, all of which is extra work for users using the front end.
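The manual workaround this issue describes, as an added example that is not part of the issue or of the OpenZiti code base: splitting a `.pfx` into separate cert and key files with the `openssl` CLI, then checking that the two halves belong together. The function names and the `PFX_PASS` environment variable are assumptions made for this sketch, and the sample bundle is constructed.

```shell
#!/bin/sh
# Added example. The bundle password is read from $PFX_PASS (assumed name) so it
# never appears on the command line, in the process list or in shell history.

# key_matches_cert <cert.pem> <key.pem>: true if both carry the same public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# split_pfx <bundle.pfx> <outdir>: writes <outdir>/cert.pem and <outdir>/key.pem.
split_pfx() {
    pfx=$1; out=$2
    (
        umask 077                       # files are created owner-only (0600)
        mkdir -p "$out" || exit 1
        # Client certificate only; piping through x509 drops the bag attributes.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null \
            | openssl x509 -out "$out/cert.pem" || exit 1
        # Private key. -nodes writes it WITHOUT a passphrase: from here on the
        # key is protected only by file permissions, the exposure the issue
        # wants a native .pfx import to avoid.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
            | openssl pkey -out "$out/key.pem" || exit 1
    ) || return 1
    key_matches_cert "$out/cert.pem" "$out/key.pem"
}

# make_sample_pfx <out.pfx>: constructed self-signed identity for trying this out.
make_sample_pfx() {
    t=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-sample" \
        -keyout "$t/k.pem" -out "$t/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$t/k.pem" -in "$t/c.pem" \
        -passout env:PFX_PASS -out "$1"
    rc=$?
    rm -rf "$t"
    return $rc
}
```

Once the identity has been imported, delete the unencrypted `key.pem`; the password-protected `.pfx` remains the copy to keep.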