Certificate Authority (step certificates)

step certificates is an online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.

Using step certificates in conjunction with the step CLI, you can:

  • Easily Bootstrap a PKI: get up and running with a certificate authority and other basic infrastructure necessary to use TLS internally in minutes.
  • Automate Certificate Management: provision and roll certificates automatically using standards-based protocols & APIs.
  • Manage Public and Private Keys: securely generate and distribute key material. Generate and distribute shared secrets (KDC) in addition to handling CSRs.

And much more.

Quick start: bootstrap PKI and run online Certificate Authority

Comprehensive documentation and examples are available on step certificates’ GitHub.

To initialize a PKI and configure the CA, run the following command and follow the prompts:

$ step ca init

Once completed, run the online certificate authority:

$ step-ca $(step path)/config/ca.json
Please enter the password to decrypt intermediate_ca_key: ]F4=bYXyh9Gv6+Z9EYEF}hVJ
2018/11/27 10:55:40 Serving HTTPS on :443 ...

If you would like to generate a certificate from the command line, the step CLI provides a single command that prompts you to select and decrypt an authorized provisioner and then requests a new certificate.

$ step ca certificate "foo.example.com" foo.crt foo.key

✔ Key ID: yUVzQNygNGCXjGxsDb0g4RNkVTilFL6Dvz5hBi2Es4w (me@smallstep.com)
Please enter the password to decrypt the provisioner key: ]F4=bYXyh9Gv6+Z9EYEF}hVJ
✔ CA:

$ ls foo.*
foo.crt foo.key
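
Before foo.crt and foo.key from the command above are installed anywhere, it is worth confirming that the pair is usable. The following is an added example, not part of the step documentation: a shell function that checks expiry, key/certificate match, host name coverage and key file permissions. It assumes the openssl CLI is installed; the name check_issued_pair and the script name in the usage comment are hypothetical.

```shell
# Added example, not from the step documentation. Assumes the openssl CLI
# (1.1.0 or later); check_issued_pair is a hypothetical helper name.
#
# check_issued_pair CERT KEY HOSTNAME
# Returns 0 only if all four checks pass; reports each failure on stderr.
check_issued_pair() {
  local crt="$1" key="$2" host="$3" rc=0 cert_pub key_pub mode

  # 1. The certificate must parse and must not have expired.
  if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: $crt is unreadable or expired" >&2; rc=1
  fi

  # 2. The key must belong to the certificate: compare the public halves.
  #    -passin pass: makes an encrypted key fail instead of prompting.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || true
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $crt" >&2; rc=1
  fi

  # 3. The certificate must cover the name that was requested from the CA.
  if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 |
       grep -q 'does match certificate'; then
    echo "FAIL: $crt is not valid for $host" >&2; rc=1
  fi

  # 4. The key file must not be readable by group or others.
  mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key" 2>/dev/null) || true
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: $key has mode ${mode:-unknown}, expected 600" >&2; rc=1 ;;
  esac

  return "$rc"
}

# Usage: bash check_pair.sh foo.crt foo.key foo.example.com
if [ "$#" -eq 3 ]; then check_issued_pair "$@"; fi
```

A non-zero return means at least one check failed, so a deployment step can refuse to install the pair.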

To generate certificates on demand from an automated configuration management solution (no user input), see the following steps:

  1. Get step certificates installed and running
  2. Initialize your online CA and issue certificates

Using these steps you should be able to securely request and receive certificates from any authenticated entity in your infrastructure.

Relevant step CLI top level commands

step ca - initialize and manage a certificate authority