Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Configure step-ca with an RSA certificate chain
Requirements
- Open Source - This tutorial assumes you have installed the
stepandstep-casoftware, and that you've just initialized a CA using the steps in Getting Started. - Smallstep Certificate Manager - Please get in touch with Smallstep Customer Success if you want to use a RSA certificate chain.
Instructions
Some legacy applications require a certificate chain that uses RSA keys, but step ca init creates a PKI that uses ECDSA keys by default. In this tutorial, you will replace the default ECDSA chain with an RSA chain.
First, stop your step-ca server if it is running.
Next, delete your existing PKI and create RSA root and intermediate certificates and keys. This step will overwrite your existing CA.
step certificate create "Example Root CA" \
$(step path)/certs/root_ca.crt \
$(step path)/secrets/root_ca_key \
--profile root-ca \
--kty RSA
step certificate create "Example Intermediate CA" \
$(step path)/certs/intermediate_ca.crt \
$(step path)/secrets/intermediate_ca_key \
--profile intermediate-ca \
--ca $(step path)/certs/root_ca.crt \
--ca-key $(step path)/secrets/root_ca_key \
--kty RSA
Change the certificate subject names as desired. You'll be prompted to supply a password to encrypt your private keys.
You can now restart step-ca server.
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.