NAME

step ca init – initialize the CA PKI

USAGE

step ca init [–root=path] [–key=path] [–pki] [–ssh] [–name=name] [–dns=dns] [–address=address] [–provisioner=name] [–provisioner-password-file=path] [–password-file=path] [–with-ca-url=url] [–no-db]

DESCRIPTION

step ca init command initializes a public key infrastructure (PKI) to be used by the Certificate Authority.

OPTIONS

–root=file
The path of an existing PEM file to be used as the root certificate authority.
–key=file
The path of an existing key file of the root certificate authority.
–pki
Generate only the PKI without the CA configuration.
–ssh
Create keys to sign SSH certificates.
–name=name
The name of the new PKI.
–dns=names
The comma separated DNS names or IP addresses of the new CA.
–address=address
The address that the new CA will listen at.
–provisioner=name
The name of the first provisioner.
–password-file=file
The path to the file containing the password to encrypt the keys.
–provisioner-password-file=file
The path to the file containing the password to encrypt the provisioner key.
–with-ca-url=URI
URI of the Step Certificate Authority to write in defaults.json
–no-db
Generate a CA configuration without the DB stanza. No persistence layer.