-
If this is possible, how can it be achieved? Looking to try and make this 20 years, with the idea that it provisions certs for IAs and then gets turned offline. The IAs would then have lifespans of 10y etc |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Yes it is possible! But you'll need to use a slightly more elaborate workflow to initialize the CA infrastructure. Specifically, you'll need to generate a root CA key & certificate then pass those in to
When you run this command it will copy your |
Beta Was this translation helpful? Give feedback.
Yes it is possible! But you'll need to use a slightly more elaborate workflow to initialize the CA infrastructure. Specifically, you'll need to generate a root CA key & certificate then pass those in to
step ca init
. Technically, you could use any tool to generate your root, but here's how you'd do this withstep
:When you run this command it will copy your
root_ca_key
into~/.step/secrets/root_ca_key
. The CA doesn't actually need this file though. You can delete it if you'd like.