step-ca
step-ca
step-ca
in a Docker containerstep-ca
step-ca
step-ca
in a Docker containerSmallstep Certificate Manager is a commercial product that delivers a managed certificate authority (CA) capable of issuing private x.509 TLS certificates.
Certificate Manager builds on two open-source projects, maintained by smallstep:
step-ca
: a private online certificate authority for secure automated certificate management.step
: a general-purpose cryptography toolkit and the client-side counterpart to step-ca
.
With Certificate Manager, you can create your own private CA to manage certificates on internal services, websites, infrastructure, people, or devices. step
on your clientThis tutorial assumes you are setting up Certificate Manager.
If you need SSH certificates instead, see our documentation for Smallstep SSH.
Have questions? Contact Customer Success.
Creating a team gives you access to Smallstep's products. Click here to create a team. You will be asked to provide:
Team Name
- Usually, this is your company name. Team URL
- This is where you will access the smallstep dashboard and will also be the base domain for the CA URL for any Authorities you create. First & Last Name
- Smallstep Team administrator's name. E-mail
- Smallstep Team administrator's e-mail address.password
- This password is used to login into the Smallstep dashboardSmallstep team admins can subscribe to and manage Smallstep products.
A Certificate Manager Authority is an online CA that authenticates and authorizes certificate requests. It can issue, renew, and revoke your x.509 TLS certificates. To create an Authority:
On the Authority detail page, you will see the CA URL and Fingerprint used to interact with your CA.
Certificate Manager also creates a default provisioner called authority-admin
,
connected to your smallstep login.
You can use this provisioner to administer the Authority and to get certificates.
See basic certificate operations for examples.
An authority super admin account is also created, using your e-mail address as the admin name/subject. The super admin can manage other authority admins.
step
To interact with Certificate Manager, you will need our step
CLI command on your local machine.
step
acts as a front-end interface to Certificate Manager and is used for many common crypto and X.509 operations.
It's trivial to install the step binary on your local machine.
The instructions are here.
Certificate Manager authorities are administered using the step
CLI command.
To connect your local client with the hosted Authority, you need to bootstrap into the PKI.
Run the following command, substituting the values from your Authority's properties:
$ step ca bootstrap --ca-url [YOUR CA URL] --fingerprint [YOUR AUTHORITY FINGERPRINT]
(You can always find this command on the Quick Actions section on your authority page.)
This command will download the CA Root certificate and configure your local step
client to interact with the Authority.
If desired, you can also use the step
CLI to install the CA Root certificate to your system's truststore.
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.