step-ca command
After copying, replace the file names, directories, or parameters as needed.
Common examples
Initialize new CA
step ca init
Start the CA server
step-ca [$(step path)/config/ca.json]
Request a certificate
step ca certificate [hostname] [host.crt] [host.key]
Renew a certificate
step ca renew [host.crt] [host.key]
Revoke a certificate
step ca revoke --cert [host.crt] --key [host.key]
Add a provisioner
step ca provisioner add [name] --type [OIDC] --client-id [id] --configuration-endpoint [url]
Get CA health
step ca health
Get root certificate
step ca root
Description
step-ca is a private certificate authority server. Combined with the step ca client commands, it provides automated certificate lifecycle management.

step ca init creates the PKI structure with root and intermediate CAs. The resulting configuration defines provisioners, certificate templates, and policies.

Provisioners authenticate certificate requests. Types include ACME, OIDC, JWK, X5C, and SSHPOP. Each provisioner has its own authentication requirements and certificate constraints.

step ca certificate requests a certificate through a configured provisioner, and the issued certificate includes the specified SANs. The ACME provisioner enables Let's Encrypt-style automation: because step-ca supports the ACME protocol, it integrates with certbot and other ACME clients for automated certificate issuance.

Renewal with step ca renew extends certificate lifetime. Pair with step-renewer daemon for automatic renewal. Revocation invalidates certificates before expiration.
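The provisioner constraints described above can be reviewed by reading ca.json directly. This added example, which is not from the original page or from the step-ca project, audits the provisioners in a constructed sample config; the field names (authority.provisioners, claims.maxTLSCertDuration, domains) and the 24h policy threshold are assumptions.

```python
import json
import re
from datetime import timedelta

# Constructed sample; field names follow the ca.json layout as assumed here.
SAMPLE_CA_JSON = """
{
  "authority": {
    "provisioners": [
      {"type": "JWK", "name": "admin@example.com",
       "claims": {"maxTLSCertDuration": "24h"}},
      {"type": "ACME", "name": "acme"},
      {"type": "OIDC", "name": "sso", "clientID": "placeholder-id",
       "claims": {"maxTLSCertDuration": "2160h0m0s"}}
    ]
  }
}
"""

_UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1, "ms": 0.001}


def parse_go_duration(text):
    """Convert a Go-style duration such as '2160h0m0s' to a timedelta."""
    parts = re.findall(r"(\d+(?:\.\d+)?)(ms|h|m|s)", text)
    # Reject input with leftover characters the pattern did not consume.
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unparseable duration: {text!r}")
    return timedelta(seconds=sum(float(n) * _UNIT_SECONDS[u] for n, u in parts))


def audit_provisioners(config_text, max_allowed=timedelta(hours=24)):
    """Return (name, type, finding) for each provisioner worth reviewing."""
    findings = []
    for prov in json.loads(config_text)["authority"]["provisioners"]:
        name, ptype = prov.get("name", "?"), prov.get("type", "?")
        raw = prov.get("claims", {}).get("maxTLSCertDuration")
        if raw is None:
            findings.append((name, ptype, "no maxTLSCertDuration claim; inherits CA-wide setting"))
        elif parse_go_duration(raw) > max_allowed:
            findings.append((name, ptype, f"maxTLSCertDuration {raw} exceeds policy"))
        # Assumption: an empty "domains" list leaves the OIDC provisioner unrestricted.
        if ptype == "OIDC" and not prov.get("domains"):
            findings.append((name, ptype, "OIDC provisioner has no domains restriction"))
    return findings


if __name__ == "__main__":
    for finding in audit_provisioners(SAMPLE_CA_JSON):
        print(*finding, sep=" | ")
```

To audit a real deployment, pass the contents of the file at `$(step path)/config/ca.json` to `audit_provisioners` instead of the sample.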
FAQ
How do I run a basic step-ca example?
Run `step ca init` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
Where can I find more step-ca examples?
This page includes 8 examples for step-ca, plus related commands for nearby Linux tasks.