The security/step-ca port
step-ca-0.25.2 – private certificate authority and ACME server (cvsweb github mirror)
Description
step-ca is an online certificate authority for secure, automated certificate management. It's the server counterpart to the step CLI tool.

You can use it to:

- Issue X.509 certificates for your internal infrastructure:
  - HTTPS certificates that work in browsers (RFC5280 and CA/Browser Forum compliance)
  - TLS certificates for VMs, containers, APIs, mobile clients, database connections, printers, wifi networks, toaster ovens...
  - Client certificates to enable mutual TLS (mTLS) in your infra. mTLS is an optional feature in TLS where both client and server authenticate each other. Why add the complexity of a VPN when you can safely use mTLS over the public internet?
- Issue SSH certificates:
  - For people, in exchange for single sign-on ID tokens
  - For hosts, in exchange for cloud instance identity documents
- Easily automate certificate management:
  - It's an ACME v2 server
  - It has a JSON API
  - It comes with a Go wrapper
  - ... and there's a command-line client you can use in scripts!

WWW: https://smallstep.com/certificates
Readme
+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Initialization
==============

The step-cli package is required and must be used to initialize Step CA.
Execute the following command as user _step-ca to initialize Step CA.

    # su -s /bin/sh _step-ca -c "env STEPPATH=${LOCALSTATEDIR}/step-ca step ca init"

Step CA cannot bind to privileged ports. During initialization select a port
above 1024.

Add the CA cert to system store
===============================

The root certificate for step-ca is stored in
${LOCALSTATEDIR}/step-ca/certs/root_ca.crt which should be added to the system
by appending it to ${SYSCONFDIR}/ssl/cert.pem

    # cat ${LOCALSTATEDIR}/step-ca/certs/root_ca.crt >> ${SYSCONFDIR}/ssl/cert.pem
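The readme's `cat ... >> cert.pem` step appends unconditionally, so repeating it leaves duplicate copies of the root in the bundle. The following is an added example, not part of the port's readme: a POSIX sh function that appends the root only when it is not already present. The names `pem_bodies` and `add_ca_to_bundle` are hypothetical, and the check covers PEM framing only, not X.509 validity.

```sh
#!/bin/sh
# Added example: idempotent form of the readme's "cat root_ca.crt >> cert.pem".
# pem_bodies and add_ca_to_bundle are hypothetical helper names.

# Print every certificate in PEM file $1 as one line of base64 (armor removed).
pem_bodies() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
         /^-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# add_ca_to_bundle ROOT_CRT BUNDLE
# Returns 0 if the root is in BUNDLE afterwards, 2 if an input is unusable.
add_ca_to_bundle() {
    root_crt=$1
    bundle=$2
    [ -r "$root_crt" ] || { echo "cannot read $root_crt" >&2; return 2; }
    [ -w "$bundle" ] || { echo "cannot write $bundle" >&2; return 2; }

    want=$(pem_bodies "$root_crt")
    # Refuse anything that is not exactly one PEM certificate (framing check
    # only; this does not parse the X.509 structure).
    if [ -z "$want" ] || [ "$(printf '%s\n' "$want" | grep -c .)" -ne 1 ]; then
        echo "$root_crt: expected exactly one PEM certificate" >&2
        return 2
    fi

    # Already present: leave the bundle untouched.
    if pem_bodies "$bundle" | grep -qxF -e "$want"; then
        return 0
    fi

    # A bundle whose last line lacks a newline would fuse with the new BEGIN
    # line; $(...) strips a trailing newline, so non-empty means it is missing.
    if [ -n "$(tail -c 1 "$bundle")" ]; then
        printf '\n' >> "$bundle"
    fi
    cat "$root_crt" >> "$bundle"
}

# Usage, as root, with the readme's two paths substituted for your system:
#   add_ca_to_bundle <root_ca.crt path> <cert.pem path>
```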
Maintainer
The OpenBSD ports mailing-list
Only for arches
aarch64 amd64 arm i386 riscv64
Broken
on armv7: github.com/go-piv/piv-go@v1.10.0/piv/pcsc_openbsd.go:29:15: 0x8010002E (untyped int constant 2148532270) overflows int32
on i386: github.com/go-piv/piv-go@v1.10.0/piv/pcsc_openbsd.go:29:15: 0x8010002E (untyped int constant 2148532270) overflows int32
Categories
Library dependencies
Build dependencies
Files
- /etc/login.conf.d/step_ca
- /etc/rc.d/step_ca
- /usr/local/bin/step-ca
- /usr/local/share/doc/pkg-readmes/step-ca
- /usr/local/share/doc/step-ca/
- /usr/local/share/doc/step-ca/CHANGELOG.md
- /usr/local/share/doc/step-ca/CONTRIBUTING.md
- /usr/local/share/doc/step-ca/README.md
- /usr/local/share/doc/step-ca/SECURITY.md
- /usr/local/share/examples/login.conf.d/step_ca
- /var/step-ca/
- @newgroup _step-ca:883
- @newuser _step-ca:883:883::Step-ca Account:/var/empty:/sbin/nologin