step ssh renew – renew a SSH certificate using the SSH CA
step ssh renew
step ssh renew command renews an SSH Cerfificate
using step certificates.
It writes the new certificate to disk - either overwriting
using a new file when the –out=
file flag is used.
- The ssh certificate to renew.
- The ssh certificate private key.
- The new certificate
filepath. Defaults to overwriting the
- The provisioner
- The path to the
filecontaining the password to decrypt the one-time token generating key.
- -f, –force
- Force the overwrite of files without asking.
URIof the targeted Step Certificate Authority.
- The path to the PEM
fileused as the root certificate authority.
- Creates a certificate without contacting the certificate authority. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using ‘–ca-config`’ flag.
pathto the certificate authority configuration file. Defaults to $STEPPATH/config/ca.json
- Certificate (
chain) in PEM format to store in the ‘sshpop’ header of a JWT.
- Private key
path, used to sign a JWT, corresponding to the certificate that will be stored in the ‘sshpop’ header.
Renew an ssh certificate overwriting the previous one:
$ step ssh renew -f id_ecdsa-cert.pub id_ecdsa
Renew an ssh certificate with a custom out file:
$ step ssh renew -out new-id_ecdsa-cer.pub id_ecdsa-cert.pub id_ecdsa