step ca bootstrap
Name
step ca bootstrap -- initialize the environment to use the CA commands
Usage
step ca bootstrap
[--ca-url=<uri>] [--fingerprint=<fingerprint>] [--install]
[--team=<name>] [--authority=<name>] [--team-url=<uri>] [--redirect-url=<uri>]
[--context=<name>] [--profile=<name>]
[--authority=<name>] [--team-authority=<sub-domain>]
Description
step ca bootstrap downloads the root certificate from the certificate authority and sets up the current environment to use it.
Bootstrap will store the root certificate in $STEPPATH/certs/root_ca.crt
and
create a configuration file in $STEPPATH/configs/defaults.json
with the CA
url, the root certificate location and its fingerprint.
After the bootstrap, ca commands do not need to specify the flags --ca-url, --root or --fingerprint if we want to use the same environment.
Options
--ca-url=URI
URI
of the targeted Step Certificate Authority.
--fingerprint=fingerprint
The fingerprint
of the targeted root certificate.
--install Install the root certificate into the system's default trust store.
--team=ID
The team ID
used to bootstrap the environment.
--team-authority=sub-domain
The sub-domain
of the certificate authority to bootstrap. E.g., for an authority with
domain name 'certs.example-team.ca.smallstep.com' the value would be 'certs'.
--team-url=url
The url
step queries to retrieve initial team configuration. Only used with
the --team option. If the url contains <>
placeholders, they are replaced with the team ID.
Replacing the authority-id section of the url is not supported with placeholders.
--redirect-url=url
The url
to open in the system browser when the OAuth flow is successful.
-f, --force Force the overwrite of files without asking.
--context=name
The context name
to apply for the given command.
--profile=name
The name
that will serve as the profile name for the context.
--authority=name
The name
that will serve as the authority name for the context.
Examples
Bootstrap using the CA url and a fingerprint:
$ step ca bootstrap --ca-url https://ca.example.com \
--fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097
Bootstrap and install the root certificate
$ step ca bootstrap --ca-url https://ca.example.com \
--fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 \
--install
Bootstrap with a smallstep.com CA using a team ID:
$ step ca bootstrap --team superteam
To use team IDs in your own environment, you'll need an HTTP(S) server serving a JSON file:
{"url":"https://ca.example.com","fingerprint":"d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097"}
Then, this command will look for the file at https://config.example.com/superteam:
$ step ca bootstrap --team superteam --team-url https://config.example.com/<>