Certificate Authority (step certificates)
step certificates is an online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.
step certificates in conjunction with the
step CLI you can:
- Easily Bootstrap a PKI: get up and running with a certificate authority and other basic infrastructure necessary to use TLS internally in minutes.
- Automate Certificate Management: provision and roll certificates automatically using standard-based protocols & APIs.
- Manage Public and Private Keys: securely generate and distribute key material. Generate and distribute shared secrets (KDC) in addition to handling CSRs.
And much more.
Quick start: bootstrap PKI and run online Certificate Authority
Comprehensive documentation and examples are available on step certificates’ GitHub.
To initialize a PKI and configure the CA run and follow through the steps:
$ step ca init
Once completed run the online certificate authority:
$ step-ca $(step path)/config/ca.json Please enter the password to decrypt intermediate_ca_key: ]F4=bYXyh9Gv6+Z9EYEF}hVJ 2018/11/27 10:55:40 Serving HTTPS on :443 ...
If you would like to generate a certificate from the command line, the Step CLI provides a single command that will prompt you to select and decrypt an authorized provisioner and then request a new certificate.
$ step ca certificate "foo.example.com" foo.crt foo.key ✔ Key ID: yUVzQNygNGCXjGxsDb0g4RNkVTilFL6Dvz5hBi2Es4w (email@example.com) Please enter the password to decrypt the provisioner key: ]F4=bYXyh9Gv6+Z9EYEF}hVJ ✔ CA: https://127.0.0.1/1.0/sign $ ls foo.* foo.crt foo.key
For generating certificates on demand from an automated configuration management solution (no user input) see the following steps:
Using these steps you should be able to securely request and receive certificates from any authenticated entity in your infrastructure.
- Please check out the step/certificates README for more.
step CLI top level commands
step ca - initialize and manage a certificate authority