More than a certificate authority

Secure automated certificate management is easy with step certificates. Certificates let you use TLS to connect across clouds and easily access services and applications from anywhere.

$ step ca certificate localhost server.crt server.key --ca-url https://127.0.0.1:4443
✔ Key ID: Iq9b-8GDQh5JlYiBpI0AEm5xsyc34wGMRBVEq8rNiC4 (mike@smallstep.com)
]F4=bYXyh9Gv6+Z9EYEF}hVJ
✔ CA: https://127.0.0.1:4443/1.0/sign
$ ls
server.crt server.go server.key
$ cat server.go
package main
import (
    "log"
    "net/http"
)

// HiHandler answers every request to /hi with a plain-text greeting.
func HiHandler(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("Hello, PKI Relying Party!\n"))
}

func main() {
    http.HandleFunc("/hi", HiHandler)
    // Serve HTTPS on :8443 with the certificate and key issued by the CA above.
    err := http.ListenAndServeTLS(":8443", "server.crt", "server.key", nil)
    if err != nil {
        log.Fatal(err)
    }
}
$ go run server.go &
[1] 69560
$ step ca root root.crt \
> --fingerprint 53f02413fd3fb3eb4334005f876ac126d9897ae761a7c1ed47df33ae6c8a772e \
> --ca-url https://127.0.0.1:4443
$ ls
root.crt server.crt server.go server.key
$ curl --cacert root.crt https://localhost:8443/hi
Hello, PKI Relying Party!

Installing step certificates or brew install smallstep/smallstep/step

Learn how to get started with step certificates

Open sourced on GitHub at smallstep/certificates


What's included?

An online certificate authority, a secure automated bootstrapping protocol for code & devices, and a CLI & API for easy integration. Step certificates fills the gaps that keep internal public key infrastructure out of reach for most teams and organizations. Read our blog post to learn more.

Online Certificate Authority

Subcommands to interact with step certificates’ (Online Certificate Authority) APIs.

step ca init: Initialize the CA PKI.

step ca token: Generate a one-time token granting access to the CA.

step ca certificate: Generate a new certificate pair signed by the root certificate.

step ca bootstrap: Initialize the environment to use the CA commands.

step ca sign: Generate a new private key and certificate signed by the root certificate.

step ca root: Download and validate the root certificate.

step ca renew: Renew a valid certificate.

step ca provisioner: Create and manage the certificate authority provisioners.

step ca health: Get the status of the CA.