Smallstep Registration Authorities (RA) provide automated enrollment and renewal of certificates using modern techniques while extending your existing internal PKI. Smallstep RAs act narrowly as a registration authority, accepting certificate orders, and authenticating certificate requests. Smallstep RAs do not sign certificates. Instead, certificate requests are passed to your existing PKI infrastructure to sign and catalog. Benefits of this approach include:
Today Smallstep is focused on building ACME registration authorities for popular PKI platforms. In the future, we intend to expand our RA support to address the capabilities of the many Smallstep provisioners.