Linux command
step command
After copying, replace file names, directories, or parameters as needed.
Common examples
Create CA
step ca init
Generate certificate
step ca certificate [hostname] [cert.pem] [key.pem]
Inspect certificate
step certificate inspect [cert.pem]
Create CSR
step certificate create --csr [hostname] [csr.pem] [key.pem]
Verify certificate
step certificate verify [cert.pem] --roots [ca.pem]
Get CA fingerprint
step certificate fingerprint [ca.pem]
Bootstrap CA client
step ca bootstrap --ca-url [https://ca:9000] --fingerprint [fingerprint]
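The fingerprint and bootstrap commands above combine into a pinned bootstrap. The following is an added example, not taken from the step project: the function names are hypothetical, and it assumes the fingerprint is the 64-hex-character SHA-256 value and that bootstrap stores the root at `$(step path)/certs/root_ca.crt`.

```shell
#!/bin/sh
# Added example: check the pin format, bootstrap, then re-check the stored root.
# All function names here are hypothetical helpers, not step subcommands.

# Normalize a fingerprint: drop colons and whitespace, lowercase the hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Succeed only for a well-formed SHA-256 fingerprint (64 hex characters).
valid_fp() {
    fp=$(norm_fp "$1")
    [ "${#fp}" -eq 64 ] || return 1
    case "$fp" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Compare two fingerprints after normalization; malformed input never matches.
fp_matches() {
    valid_fp "$1" && valid_fp "$2" && [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# Usage: bootstrap_pinned CA_URL FINGERPRINT
# FINGERPRINT must come from a channel other than the CA URL being bootstrapped.
bootstrap_pinned() {
    ca_url=$1
    expected=$2
    valid_fp "$expected" || { echo "malformed fingerprint" >&2; return 2; }
    step ca bootstrap --ca-url "$ca_url" --fingerprint "$(norm_fp "$expected")" || return 1
    # Assumption: bootstrap writes the root to <step path>/certs/root_ca.crt.
    root="$(step path)/certs/root_ca.crt"
    actual=$(step certificate fingerprint "$root") || return 1
    fp_matches "$expected" "$actual" || { echo "root does not match pin" >&2; return 1; }
    echo "trusted root: $root"
}
```

A truncated or mistyped pin is rejected before any request reaches the CA, and a colon-separated uppercase fingerprint is accepted in the same way as plain lowercase hex.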
Description
step is a comprehensive command-line toolkit for working with certificates, keys, and cryptographic operations. It serves as both a standalone utility for inspecting and creating certificates and as the client interface for the step-ca private certificate authority server. The tool provides subcommands for the full certificate lifecycle: creating certificate signing requests, requesting signed certificates from a CA, inspecting certificate details, verifying certificate chains, and managing SSH certificates. It supports modern cryptographic standards including ECDSA, EdDSA, and RSA keys, and can work with the ACME protocol for automated certificate issuance. When paired with a step-ca server, step enables automated PKI workflows including bootstrapping client trust, requesting short-lived certificates, and managing provisioners for different authentication methods such as OIDC, JWK, and ACME. It also supports SSH certificate management as an alternative to traditional long-lived SSH keys.
Parameters
- ca: Certificate authority commands.
- certificate: Certificate operations.
- crypto: Cryptographic operations.
- ssh: SSH certificate commands.
- oauth: OAuth and OIDC authorization operations.
- path: Print the configured step path (default ~/.step).
- context: Manage certificate authority contexts.
- completion: Print shell completion scripts (bash, zsh, fish).
- --ca-url URL: CA server URL.
- --fingerprint FP: CA fingerprint.
FAQ
How do I run a basic step example?
Run `step ca init` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does ca do in step?
Certificate authority commands.