Smallstep Registration Authorities (RA) provide automated enrollment and renewal of certificates using modern techniques while extending your existing internal PKI. Smallstep RAs act narrowly as a registration authority, accepting certificate orders, and authenticating certificate requests. Smallstep RAs do not sign certificates. Instead, certificate requests are passed to your existing PKI infrastructure to sign and catalog. Benefits of this approach include:
- Issued certificates are trusted by anything that trusts your PKI root certificate.
- Issued certificates appear in your PKI console and audit logs.
- Security-sensitive signing keys are managed by your existing PKI and never seen by Smallstep ACME RA.
Today Smallstep is focused on building ACME registration authorities for popular PKI platforms. In the future, we intend to expand our RA support to address the capabilities of the many Smallstep provisioners.