NAME

step ca init – initialize the CA PKI

USAGE

step ca init [–root=path] [–key=path] [–pki] [–ssh] [–name=name] [dns=dns] [address=address] [provisioner=name] [provisioner-password-file=path] [password-file=path] [with-ca-url=url] [no-db]

DESCRIPTION

step ca init command initializes a public key infrastructure (PKI) to be used by the Certificate Authority.

OPTIONS

–root=file
The path of an existing PEM file to be used as the root certificate authority.
–key=file
The path of an existing key file of the root certificate authority.
–pki
Generate only the PKI without the CA configuration.
–ssh
Create keys to sign SSH certificates.
–name=name
The name of the new PKI.
–dns=names
The comma separated DNS names or IP addresses of the new CA.
–address=address
The address that the new CA will listen at.
–provisioner=name
The name of the first provisioner.
–password-file=file
The path to the file containing the password to encrypt the keys.
–provisioner-password-file=file
The path to the file containing the password to encrypt the provisioner key.
–with-ca-url=URI
URI of the Step Certificate Authority to write in defaults.json
–no-db
Generate a CA configuration without the DB stanza. No persistence layer.