Certificate Authority (step certificates)

step certificates is an online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.

Using step certificates in conjunction with the step CLI you can:

And much more.

Quick start: bootstrap PKI and run online Certificate Authority

Comprehensive documentation and examples are available on step certificates’ GitHub.

To initialize a PKI and configure the CA, run the following command and follow the steps it walks you through:

$ step ca init

Once completed, run the online certificate authority:

$ step-ca $(step path)/config/ca.json
Please enter the password to decrypt intermediate_ca_key: ]F4=bYXyh9Gv6+Z9EYEF}hVJ
2018/11/27 10:55:40 Serving HTTPS on :443 ...

If you would like to generate a certificate from the command line, the step CLI provides a single command that prompts you to select and decrypt an authorized provisioner and then requests a new certificate.

$ step ca certificate "foo.example.com" foo.crt foo.key

✔ Key ID: yUVzQNygNGCXjGxsDb0g4RNkVTilFL6Dvz5hBi2Es4w (me@smallstep.com)
Please enter the password to decrypt the provisioner key: ]F4=bYXyh9Gv6+Z9EYEF}hVJ
✔ CA: https://127.0.0.1/1.0/sign

$ ls foo.*
foo.crt foo.key

To generate certificates on demand from an automated configuration management solution (no user input), follow these steps:

  1. Configure your remote environment.
  2. Issue a certificate.

Using these steps you should be able to securely request and receive certificates from any authenticated entity in your infrastructure.
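
The two steps above, written out as a shell script with no prompts; this is an added example, not code from the page or from the step certificates project. It uses the step CLI's `ca bootstrap`, `ca token` and `ca certificate` subcommands, and the CA URL, fingerprint, provisioner name and password-file path are placeholder assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: unattended issuance with the step CLI (no prompts).
# Every value below is a placeholder assumption, not taken from the page.
CA_URL="${CA_URL:-https://ca.example.internal}"
CA_FINGERPRINT="${CA_FINGERPRINT:-<root-certificate-fingerprint>}"
PROVISIONER="${PROVISIONER:-<provisioner-name>}"
PASSWORD_FILE="${PASSWORD_FILE:-/run/secrets/provisioner-password}"

# Step 1, on the remote host: download the root certificate and check it
# against the pinned fingerprint, so later requests only trust this CA.
configure_remote() {
    step ca bootstrap --ca-url "$CA_URL" --fingerprint "$CA_FINGERPRINT"
}

# On the host that holds the provisioner key: mint a one-time token bound to a
# single subject. The password is read from a file, so the password itself
# never appears in argv or at a prompt.
mint_token() {
    step ca token "$1" --provisioner "$PROVISIONER" --password-file "$PASSWORD_FILE"
}

# Step 2, on the remote host: exchange the token for a certificate. The key
# pair is generated locally; umask keeps the new files private to this user.
issue_certificate() {
    subject="$1"
    token="$2"
    if [ -z "$token" ]; then
        echo "refusing to request $subject: empty token" >&2
        return 1
    fi
    ( umask 077
      step ca certificate "$subject" "$subject.crt" "$subject.key" --token "$token" )
}

# Single-host demonstration: ./issue.sh --run foo.example.com
if [ "${1:-}" = "--run" ]; then
    set -e
    configure_remote
    token=$(mint_token "$2")
    issue_certificate "$2" "$token"
fi
```

In a real deployment `mint_token` runs on the configuration management host and only the resulting token is handed to the remote machine, so the provisioner key and its password never leave the trusted host.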

Please check out the step/certificates README for more.

Relevant step CLI top level commands

step ca - initialize and manage a certificate authority