step-ca versus Smallstep Certificate Manager

Compare open source step-ca to Certificate Manager

Talk with smallstep
CategoryItemCertificate Managerstep-ca
GeneralForm FactorSaaS or On-PremiseDownload
GeneralManaged BySmallstepUser
GeneralAdministrationUI / CLICLI
GeneralHighly-available Certificate AuthorityManual
GeneralShort-lived certificates with automated renewal
GeneralPrivate keys in cloud KMSManual
GeneralPrivate keys in cloud HSMManual
GeneralOpen source certificate authority
GeneralCloud managed, on-prem signing CA
GeneralRun anywhere Registration Authority
Authenticated IssuanceAuthenticated certificate issuance
Authenticated IssuanceACME DNS, HTTP, ALPN, IP, and EAB challenges
Authenticated IssuanceOIDC - bind user email to SAN/name for developer access
Authenticated IssuanceOIDC - Admin user create any SAN/name for custom certificate
Authenticated IssuanceOIDC - SSO identity token or device auth grant workflows
Authenticated IssuanceAWS, GCP, Azure instance identity docs for cloud infrastructure
Authenticated IssuanceExisting valid certificate for derived credentials
Authenticated IssuanceJWK for password, one-time token, or multi-use token authentication
Authenticated IssuanceAPI for a certificate
Authenticated IssuanceIssue cert via UIComing Soon
Authorize & CustomizeTemplatized customization of certificates
Authorize & CustomizeTemplate customization - UIComing Soon
Authorize & CustomizeTemplate customization - CLI
Authorize & CustomizeInventories - metadata enrichment or access controlComing Soon
Authorize & CustomizeUse metadata to authorize certificate issuanceComing Soon
Authorize & CustomizeEnrich CSR metadata with 3rd party directoryComing Soon
Authorize & CustomizeName constraints on Authority
Authorize & CustomizeAllow / deny lists on provisioners
ObservabilityIssued certificates details in UI
ObservabilityExpiry events via webhook event
ObservabilityExpiry events via email
ObservabilityExport to webhook / SIEM
ObservabilityAbility to renew certificate
Renewalsingle command renewal
RenewalSystemD timers
RenewalStand-alone daemon
RenewalCron Jobs
RenewalACME Challenges
RenewalOIDC - Single Sign-on flow
RenewalConfiguration Management
RenewalAPI for renewal
RenewalRenew after expiry
RenewalManual renewal by Admin
RenewalPassive Revocation
RenewalActive Revocation - CRL
RenewalActive Revocation - OCSP
RenewalValidation Authority

Data as of July 1st, 2021

Smallstep logo

Create your private hosted Certificate Authority in less than five minutes

Sign up