Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step ca root
Name
step ca root -- download and validate the root certificate
Usage
step ca root [<root-file>]
[--ca-url=<uri>] [--fingerprint=<fingerprint>] [--context=<name>]
Description
step ca root downloads and validates the root certificate from the certificate authority.
Positional arguments
root-file
File to write root certificate (PEM format)
Options
-f, --force Force the overwrite of files without asking.
--fingerprint=fingerprint
The fingerprint of the targeted root certificate.
--ca-url=URI
URI of the targeted Step Certificate Authority.
--context=name
The context name to apply for the given command.
Examples
Get the root fingerprint in the CA:
$ step certificate fingerprint /path/to/root_ca.crt
0d7d3834cf187726cf331c40a31aa7ef6b29ba4df601416c9788f6ee01058cf3
Download the root certificate from the configured certificate authority:
$ step ca root root_ca.crt \
--fingerprint 0d7d3834cf187726cf331c40a31aa7ef6b29ba4df601416c9788f6ee01058cf3
Download the root certificate using a given certificate authority:
$ step ca root root_ca.crt \
--ca-url https://ca.smallstep.com:9000 \
--fingerprint 0d7d3834cf187726cf331c40a31aa7ef6b29ba4df601416c9788f6ee01058cf3
Print the root certificate using the flags set by step ca bootstrap:
$ step ca root
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.