step ca bootstrap

Name

step ca bootstrap -- initialize the environment to use the CA commands

Usage

step ca bootstrap
[--ca-url=<uri>] [--fingerprint=<fingerprint>] [--install]
[--team=<name>] [--authority=<name>] [--team-url=<uri>] [--redirect-url=<uri>]
[--context=<name>] [--profile=<name>]
[--authority=<name>] [--team-authority=<sub-domain>]

Description

step ca bootstrap downloads the root certificate from the certificate authority and sets up the current environment to use it.

Bootstrap will store the root certificate in $STEPPATH/certs/root_ca.crt and create a configuration file in $STEPPATH/configs/defaults.json with the CA url, the root certificate location and its fingerprint.

After the bootstrap, ca commands do not need to specify the flags --ca-url, --root or --fingerprint if we want to use the same environment.

Options

--ca-url=URI URI of the targeted Step Certificate Authority.

--fingerprint=fingerprint The fingerprint of the targeted root certificate.

--install Install the root certificate into the system's default trust store.

--team=ID The team ID used to bootstrap the environment.

--team-authority=sub-domain The sub-domain of the certificate authority to bootstrap. E.g., for an authority with domain name 'certs.example-team.ca.smallstep.com' the value would be 'certs'.

--team-url=url The url step queries to retrieve initial team configuration. Only used with the --team option. If the url contains <> placeholders, they are replaced with the team ID. Replacing the authority-id section of the url is not supported with placeholders.

--redirect-url=url The url to open in the system browser when the OAuth flow is successful.

-f, --force Force the overwrite of files without asking.

--context=name The context name to apply for the given command.

--profile=name The name that will serve as the profile name for the context.

--authority=name The name that will serve as the authority name for the context.

Examples

Bootstrap using the CA url and a fingerprint:

$ step ca bootstrap --ca-url https://ca.example.com \ --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097

Bootstrap and install the root certificate

$ step ca bootstrap --ca-url https://ca.example.com \ --fingerprint d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097 \ --install

Bootstrap with a smallstep.com CA using a team ID:

$ step ca bootstrap --team superteam

To use team IDs in your own environment, you'll need an HTTP(S) server serving a JSON file:

{"url":"https://ca.example.com","fingerprint":"d9d0978692f1c7cc791f5c343ce98771900721405e834cd27b9502cc719f5097"}

Then, this command will look for the file at https://config.example.com/superteam:

$ step ca bootstrap --team superteam --team-url https://config.example.com/<>