More than a certificate authority

Secure automated certificate management is easy with step certificates. Certificates let you use TLS to connect across clouds and easily access services and applications from anywhere.

step ca certificate localhost srv.crt srv.key ✔ Key ID: 8GDQh5JlYiBpI0AEm5xsyc34wGMRBVEq8rNiC4 (mike@smallstep.com) ]F4=bYXyh9Gv6+Z9 ✔ CA: https://127.0.0.1:4443/1.0/sign ls srv.crt srv.go srv.key cat srv.go package main
import(
    "net/http"
)

func HiHandler(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("Hello, PKI Relying Party!\n"))
}

func main() {
    http.HandleFunc("/hi", HiHandler)
    http.ListenAndServeTLS(":8443", "srv.crt", "srv.key", nil)
} go run srv.go & [1] 69560 step ca root root.crt \ >    --fingerprint 53f02413fd3fb3eb4334005f876ac126d9897ae761a7c1ed \ >    --ca-url https://127.0.0.1:4443 ls root.crt srv.crt srv.go srv.key curl --cacert root.crt https://localhost:8443/hi Hello, PKI Relying Party!

Installing step certificates or brew install step

Learn how to get started with step certificates

Open sourced on GitHub:

Star Watch Fork

Online Certificate Authority

Subcommands to interact with step certificates’ (Online Certificate Authority) APIs.

step ca init Initialize the CA PKI.

step ca token Generate an one-time token granting access to the CA.

step ca certificate Generate a new private key and certificate signed by the root certificate.

step ca bootstrap Initialize the environment to use the CA commands.

step ca sign Generate a new certificate signing a certificate request.

step ca root Download and validate the root certificate.

step ca roots Download all the root certificates.

step ca renew Renew a valid certificate.

step ca provisioner Create and manage the certificate authority provisioners.

step ca health Get the status of the CA.

step ca federation Download all the federated certificates.