Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step certificate lint
Name
step certificate lint -- lint certificate details
Usage
step certificate lint <crt-file> [--roots=<root-bundle>]
[--servername=<servername>]
Description
step certificate lint checks a certificate for common errors and outputs the result in JSON format. It is intended for evaluating Web PKI certificates, and may not be appropriate for internal PKIs.
Positional arguments
crt-file
Path to a certificate or certificate signing request (CSR) to lint.
Options
--roots=roots
Root certificate(s) that will be used to verify the
authenticity of the remote server.
roots is a case-sensitive string and may be one of:
file: Relative or full path to a file. All certificates in the file will be used for path validation.
list of files: Comma-separated list of relative or full file paths. Every PEM encoded certificate from each file will be used for path validation.
directory: Relative or full path to a directory. Every PEM encoded certificate from each file in the directory will be used for path validation.
--insecure Use an insecure client to retrieve a remote peer certificate. Useful for debugging invalid certificates remotely.
--servername=value
TLS Server Name Indication that should be sent to request a specific certificate from the server.
Exit codes
This command returns 0 on success and >0 if any error occurs.
Examples
$ step certificate lint ./certificate.crt
Lint a remote certificate (using the default root certificate bundle to verify the server):
$ step certificate lint https://smallstep.com
Lint a remote certificate using a custom root certificate to verify the server:
$ step certificate lint https://smallstep.com --roots ./certificate.crt
Lint a remote certificate using a custom list of root certificates to verify the server:
$ step certificate lint https://smallstep.com \
--roots "./certificate.crt,./certificate2.crt,/certificate3.crt"
Lint a remote certificate using a custom directory of root certificates to verify the server:
$ step certificate lint https://smallstep.com --roots "./path/to/certificates/"
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.