The serial number of the SSH certificate to revoke.
The one-time token used to authenticate with the CA in order to create the
The path to the file containing the password to decrypt the one-time token
The provisioner name to use.
The key=value pair with template data variables to send to the CA. Use the --set flag multiple times to add multiple variables.
The JSON file with the template data to send to the CA.
Certificate (chain) in PEM format to store in the 'sshpop' header of a JWT.
Private key file, used to sign a JWT, corresponding to the certificate that will
be stored in the 'sshpop' header.
The string representing the reason for which the cert is being revoked.
The reasonCode specifies the reason for revocation - chose from a list of
common revocation reasons. If unset, the default is Unspecified.
reasonCode can be a number from 0-9 or a case insensitive string matching
one of the following options:
Unspecified: No reason given (Default -- reasonCode=0).
KeyCompromise: The key is believed to have been compromised (reasonCode=1).
CACompromise: The issuing Certificate Authority itself has been compromised (reasonCode=2).
AffiliationChanged: The certificate contained affiliation information, for example, it may
have been an EV certificate and the associated business is no longer owned by
the same entity (reasonCode=3).
Superseded: The certificate is being replaced (reasonCode=4).
CessationOfOperation: If a CA is decommissioned, no longer to be used, the CA's certificate
should be revoked with this reason code. Do not revoke the CA's certificate if
the CA no longer issues new certificates, yet still publishes CRLs for the
currently issued certificates (reasonCode=5).
CertificateHold: A temporary revocation that indicates that a CA will not vouch for a
certificate at a specific point in time. Once a certificate is revoked with a
CertificateHold reason code, the certificate can then be revoked with another
Reason Code, or unrevoked and returned to use (reasonCode=6).
RemoveFromCRL: If a certificate is revoked with the CertificateHold reason code, it is
possible to "unrevoke" a certificate. The unrevoking process still lists the
certificate in the CRL, but with the reason code set to RemoveFromCRL.
Note: This is specific to the CertificateHold reason and is only used in DeltaCRLs
PrivilegeWithdrawn: The right to represent the given entity was revoked for some reason
AACompromise: It is known or suspected that aspects of the AA validated in the
attribute certificate have been compromised (reasonCode=10).
Creates a certificate without contacting the certificate authority. Offline mode
uses the configuration, certificates, and keys created with step ca init,
but can accept a different configuration file using --ca-config flag.
The certificate authority configuration file. Defaults to
--ca-url=URIURI of the targeted Step Certificate Authority.
The path to the PEM file used as the root certificate authority.
The context name to apply for the given command.