NAME

step ca bootstrap – initialize the environment to use the CA commands

USAGE

step ca bootstrap [–ca-url=uri] [–fingerprint=fingerprint] [–install] [–team=name] [–team-url=url] [–redirect-url=url]

DESCRIPTION

step ca bootstrap downloads the root certificate from the certificate authority and sets up the current environment to use it.

Bootstrap will store the root certificate in $STEPPATH/certs/root_ca.crt and create a configuration file in $STEPPATH/configs/defaults.json with the CA url, the root certificate location and its fingerprint.

After the bootstrap, ca commands do not need to specify the flags –ca-url, –root or –fingerprint if we want to use the same environment.

OPTIONS

–ca-url=URI
URI of the targeted Step Certificate Authority.
–fingerprint=fingerprint
The fingerprint of the targeted root certificate.
–install
Install the root certificate into the system truststore.
–team=name
The team name used to bootstrap the environment.
–team-url=url
The url step queries to retrieve initial team configuration. Only used with the –team option. If the url contains “<>” placeholders, they are replaced with the team name.
–redirect-url=url
Terminal OAuth redirect url.
-f, –force
Force the overwrite of files without asking.

EXAMPLES

Bootstrap using the CA url and a fingerprint:

$ step ca bootstrap --ca-url https://ca.example.org \
  --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097

Bootstrap and install the root certificate

$ step ca bootstrap --ca-url https://ca.example.org \
  --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 \
  --install

Bootstrap using a team name:

$ step ca bootstrap --team superteam

Bootstrap using a team in your environment, this requires an HTTP(S) server serving a JSON file like:

{"url":"https://ca.example.org","fingerprint":"d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097"}
$ step ca bootstrap --team superteam --team-url https://config.example.org/superteam