step certificate

NAME

step certificate – create, revoke, validate, bundle, and otherwise manage certificates

USAGE

step certificate SUBCOMMAND [ARGUMENTS] [GLOBAL_FLAGS] [SUBCOMMAND_FLAGS]

DESCRIPTION

step certificate command group provides facilities for creating certificate signing requests (CSRs), creating self-signed certificates (e.g., for use as a root certificate authority), generating leaf or intermediate CA certificate by signing a CSR, validating certificates, renewing certificates, generating certificate bundles, and key-wrapping of private keys.

More information about certificates in general (as opposed to the step certificate sub-commands) can be found at step help topics certificate or online at [URL].

EXAMPLES

Create a root certifciate and private key using the default parameters (EC P-256 curve):

$ step certificate create foo foo.crt foo.key --profile root-ca

Create a leaf certificate and private key using the default parameters (EC P-256 curve):

$ step certificate create baz baz.crt baz.key --ca ./foo.crt --ca-key ./foo.key

Create a CSR and private key using the default parameters (EC P-256 curve):

$ step certificate create zap zap.csr zap.key --csr

Sign a CSR and generate a signed certificate:

$ step certificate sign zap.csr foo.crt foo.key

Inspect the contents of a certificate:

$ step certificate inspect ./baz.crt

Verify the signature of a certificate:

$ step certificate verify ./baz.crt --roots ./foo.crt

Lint the contents of a certificate to check for common errors and missing fields:

$ step certificate lint ./baz.crt

Bundle an end certificate with the issuing certificate:

$ step certificate bundle ./baz.crt ./foo.crt bundle.crt

Convert PEM format certificate to DER and write to disk.

$ step certificate format foo.pem --out foo.der

COMMANDS

   
bundle bundle a certificate with intermediate certificate(s) needed for certificate path validation
create create a certificate or certificate signing request
format reformat certificate
inspect print certificate or CSR details in human readable format
fingerprint print the fingerprint of a certificate
lint lint certificate details
sign sign a certificate signing request (CSR)
verify verify a certificate