step-ca versus Smallstep Certificate Manager
Compare open source step-ca to Certificate Manager
Talk with Smallstep
| Category | Item | Certificate Manager | step-ca |
|---|---|---|---|
| General | Form Factor | SaaS or On-Premise | Download |
| General | Managed By | Smallstep | User |
| General | Administration | UI / CLI | CLI |
| General | Highly-available Certificate Authority | Manual | |
| General | Short-lived certificates with automated renewal | ||
| General | Private keys in cloud KMS | Manual | |
| General | Private keys in cloud HSM | Manual | |
| General | Open source certificate authority | ||
| General | Cloud managed, on-prem signing CA | ||
| General | Run anywhere Registration Authority | ||
| Authenticated Issuance | Authenticated certificate issuance | ||
| Authenticated Issuance | ACME DNS, HTTP, ALPN, IP, and EAB challenges | ||
| Authenticated Issuance | OIDC - bind user email to SAN/name for developer access | ||
| Authenticated Issuance | OIDC - Admin user create any SAN/name for custom certificate | ||
| Authenticated Issuance | OIDC - SSO identity token or device auth grant workflows | ||
| Authenticated Issuance | AWS, GCP, Azure instance identity docs for cloud infrastructure | ||
| Authenticated Issuance | Existing valid certificate for derived credentials | ||
| Authenticated Issuance | JWK for password, one-time token, or multi-use token authentication | ||
| Authenticated Issuance | API for a certificate | ||
| Authenticated Issuance | Issue cert via UI | Coming Soon | |
| Authorize & Customize | Templatized customization of certificates | ||
| Authorize & Customize | Template customization - UI | Coming Soon | |
| Authorize & Customize | Template customization - CLI | ||
| Authorize & Customize | Inventories - metadata enrichment or access control | Coming Soon | |
| Authorize & Customize | Use metadata to authorize certificate issuance | Coming Soon | |
| Authorize & Customize | Enrich CSR metadata with 3rd party directory | Coming Soon | |
| Authorize & Customize | Name constraints on Authority | ||
| Authorize & Customize | Allow / deny lists on provisioners | ||
| Observability | Issued certificates details in UI | ||
| Observability | Expiry events via webhook event | ||
| Observability | Expiry events via email | ||
| Observability | Export to webhook / SIEM | ||
| Observability | Ability to renew certificate | ||
| Renewal | single command renewal | ||
| Renewal | SystemD timers | ||
| Renewal | Stand-alone daemon | ||
| Renewal | Cron Jobs | ||
| Renewal | ACME Challenges | ||
| Renewal | OIDC - Single Sign-on flow | ||
| Renewal | Configuration Management | ||
| Renewal | API for renewal | ||
| Renewal | Renew after expiry | ||
| Renewal | Manual renewal by Admin | ||
| Renewal | Passive Revocation | ||
| Renewal | Active Revocation - CRL | ||
| Renewal | Active Revocation - OCSP | ||
| Renewal | Validation Authority |
Data as of July 1st, 2021
Create your private hosted Certificate Authority in less than five minutes
Sign up