mirror of
https://github.com/tldr-pages/tldr.git
synced 2025-04-23 05:02:10 +02:00
37 lines
1.6 KiB
Markdown
37 lines
1.6 KiB
Markdown
# step
|
|
|
|
> An easy-to-use CLI tool for building, operating, and automating Public Key Infrastructure (PKI) systems and workflows.
|
|
> See also: `openssl`.
|
|
> More information: <https://smallstep.com/docs/step-cli/>.
|
|
|
|
- Inspect the contents of a certificate:
|
|
|
|
`step certificate inspect {{path/to/certificate.crt}}`
|
|
|
|
- Create a root CA certificate and a key (append `--no-password --insecure` to skip private key password protection):
|
|
|
|
`step certificate create "{{Example Root CA}}" {{path/to/root-ca.crt}} {{path/to/root-ca.key}} --profile root-ca`
|
|
|
|
- Generate a certificate for a specific hostname and sign it with the root CA (generating a CSR can be skipped for simplification):
|
|
|
|
`step certificate create {{hostname.example.com}} {{path/to/hostname.crt}} {{path/to/hostname.key}} --profile leaf --ca {{path/to/root-ca.crt}} --ca-key {{path/to/root-ca.key}}`
|
|
|
|
- Verify a certificate chain:
|
|
|
|
`step certificate verify {{path/to/hostname.crt}} --roots {{path/to/root-ca.crt}} --verbose`
|
|
|
|
- Convert a PEM format certificate to DER and write it to disk:
|
|
|
|
`step certificate format {{path/to/certificate.pem}} --out {{path/to/certificate.der}}`
|
|
|
|
- Install or uninstall a root certificate in the system's default trust store:
|
|
|
|
`step certificate {{install|uninstall}} {{path/to/root-ca.crt}}`
|
|
|
|
- Create a RSA/EC private and public keypair (append `--no-password --insecure` to skip private key password protection):
|
|
|
|
`step crypto keypair {{path/to/public_key}} {{path/to/private_key}} --kty {{RSA|EC}}`
|
|
|
|
- Show help for subcommands:
|
|
|
|
`step {{path|base64|certificate|completion|context|crl|crypto|oauth|ca|beta|ssh}} --help`
|