smallstep-certificates/README.md

# Step Certificates

`step-ca` is an online certificate authority for secure, automated certificate management. It's the server counterpart to the [`step` CLI tool](https://github.com/smallstep/cli).

You can use it to:
- Issue X.509 certificates for your internal infrastructure:
  - HTTPS certificates that [work in browsers](https://smallstep.com/blog/step-v0-8-6-valid-HTTPS-certificates-for-dev-pre-prod.html) ([RFC5280](https://tools.ietf.org/html/rfc5280) and [CA/Browser Forum](https://cabforum.org/baseline-requirements-documents/) compliance)
  - TLS certificates for VMs, containers, APIs, mobile clients, database connections, printers, wifi networks, toaster ovens...
  - Client certificates to [enable mutual TLS (mTLS)](https://smallstep.com/hello-mtls) in your infra. mTLS is an optional feature in TLS where both client and server authenticate each other. Why add the complexity of a VPN when you can safely use mTLS over the public internet?
- Issue SSH certificates:
  - For people, in exchange for single sign-on ID tokens
  - For hosts, in exchange for cloud instance identity documents
- Easily automate certificate management:
  - It's an ACME v2 server
  - It has a JSON API
  - It comes with a [Go wrapper](./examples#user-content-basic-client-usage)
  - ... and there's a [command-line client](https://github.com/smallstep/cli) you can use in scripts!

Whatever your use case, `step-ca` is easy to use and hard to misuse, thanks to [safe, sane defaults](https://smallstep.com/docs/step-ca/certificate-authority-server-production#sane-cryptographic-defaults).

---

**Don't want to run your own CA?**
To get up and running quickly, or as an alternative to running your own `step-ca` server, consider creating a [free hosted smallstep Certificate Manager authority](https://info.smallstep.com/certificate-manager-early-access-mvp/).

---

**Questions? Find us in [Discussions](https://github.com/smallstep/certificates/discussions) or [Join our Discord](https://u.step.sm/discord).**

[Website](https://smallstep.com/certificates) |
[Documentation](https://smallstep.com/docs) |
[Installation](https://smallstep.com/docs/step-ca/installation) |
[Getting Started](https://smallstep.com/docs/step-ca/getting-started) |
[Contributor's Guide](./docs/CONTRIBUTING.md)

[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases/latest)
[![Go Report Card](https://goreportcard.com/badge/github.com/smallstep/certificates)](https://goreportcard.com/report/github.com/smallstep/certificates)
[![Build Status](https://github.com/smallstep/certificates/actions/workflows/test.yml/badge.svg)](https://github.com/smallstep/certificates)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![CLA assistant](https://cla-assistant.io/readme/badge/smallstep/certificates)](https://cla-assistant.io/smallstep/certificates)

[![GitHub stars](https://img.shields.io/github/stars/smallstep/certificates.svg?style=social)](https://github.com/smallstep/certificates/stargazers)
[![Twitter followers](https://img.shields.io/twitter/follow/smallsteplabs.svg?label=Follow&style=social)](https://twitter.com/intent/follow?screen_name=smallsteplabs)

![star us](https://github.com/smallstep/certificates/raw/master/docs/images/star.gif)

## Features

### 🦾 A fast, stable, flexible private CA

Setting up a *public key infrastructure* (PKI) is out of reach for many small teams. `step-ca` makes it easier.

- Choose key types (RSA, ECDSA, EdDSA) and lifetimes to suit your needs
- [Short-lived certificates](https://smallstep.com/blog/passive-revocation.html) with automated enrollment, renewal, and passive revocation
- Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries
- Can operate as [an online intermediate CA for an existing root CA](https://smallstep.com/docs/tutorials/intermediate-ca-new-ca)
- [Badger, BoltDB, Postgres, and MySQL database backends](https://smallstep.com/docs/step-ca/configuration#databases)

### ⚙️ Many ways to automate

There are several ways to authorize a request with the CA and establish a chain of trust that suits your flow.

You can issue certificates in exchange for:
- [ACME challenge responses](#your-own-private-acme-server) from any ACMEv2 client
- [OAuth OIDC single sign-on tokens](https://smallstep.com/blog/easily-curl-services-secured-by-https-tls.html), eg:
  - ID tokens from Okta, GSuite, Azure AD, Auth0.
  - ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)
- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure
- [Single-use, short-lived JWK tokens](https://smallstep.com/docs/step-ca/provisioners#jwk) issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.
- A trusted X.509 certificate (X5C provisioner)
- A host certificate from your Nebula network
- A SCEP challenge (SCEP provisioner)
- An SSH host certificates needing renewal (the SSHPOP provisioner)
- Learn more in our [provisioner documentation](https://smallstep.com/docs/step-ca/provisioners)

### 🏔 Your own private ACME server

ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS certificates. It's _super easy_ to issue certificates to any ACMEv2 ([RFC8555](https://tools.ietf.org/html/rfc8555)) client.

- [Use ACME in development & pre-production](https://smallstep.com/blog/private-acme-server/#local-development--pre-production)
- Supports the most popular [ACME challenge types](https://letsencrypt.org/docs/challenge-types/):
  - For `http-01`, place a token at a well-known URL to prove that you control the web server
  - For `dns-01`, add a `TXT` record to prove that you control the DNS record set
  - For `tls-alpn-01`, respond to the challenge at the TLS layer ([as Caddy does](https://caddy.community/t/caddy-supports-the-acme-tls-alpn-challenge/4860)) to prove that you control the web server

- Works with any ACME client. We've written examples for:
  - [certbot](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#certbot)
  - [acme.sh](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#acmesh)
  - [win-acme](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#win-acme)
  - [Caddy](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#caddy-v2)
  - [Traefik](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#traefik)
  - [Apache](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#apache)
  - [nginx](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#nginx)
- Get certificates programmatically using ACME, using these libraries:
  - [`lego`](https://github.com/go-acme/lego) for Golang ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#golang))
  - certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#python))
  - [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#node))
- Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client!
- See our [ACME tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more

### 👩🏽‍💻 An online SSH Certificate Authority

- Delegate SSH authentication to `step-ca` by using [SSH certificates](https://smallstep.com/blog/use-ssh-certificates/) instead of public keys and `authorized_keys` files
- For user certificates, [connect SSH to your single sign-on provider](https://smallstep.com/blog/diy-single-sign-on-for-ssh/), to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider.
- For host certificates, improve security, [eliminate TOFU warnings](https://smallstep.com/blog/use-ssh-certificates/), and set up automated host certificate renewal.

### 🤓 A general purpose PKI tool, via [`step` CLI](https://github.com/smallstep/cli) [integration](https://smallstep.com/docs/step-cli/reference/ca/)

- Generate key pairs where they're needed so private keys are never transmitted across the network
- [Authenticate and obtain a certificate](https://smallstep.com/docs/step-cli/reference/ca/certificate/) using any provisioner supported by `step-ca`
- Securely [distribute root certificates](https://smallstep.com/docs/step-cli/reference/ca/root/) and [bootstrap](https://smallstep.com/docs/step-cli/reference/ca/bootstrap/) PKI relying parties
- [Renew](https://smallstep.com/docs/step-cli/reference/ca/renew/) and [revoke](https://smallstep.com/docs/step-cli/reference/ca/revoke/) certificates issued by `step-ca`
- [Install root certificates](https://smallstep.com/docs/step-cli/reference/certificate/install/) on your machine and browsers, so your CA is trusted
- [Inspect](https://smallstep.com/docs/step-cli/reference/certificate/inspect/) and [lint](https://smallstep.com/docs/step-cli/reference/certificate/lint/) certificates

## Installation

See our installation docs [here](https://smallstep.com/docs/step-ca/installation).

## Documentation

Documentation can be found in a handful of different places:

1. On the web at https://smallstep.com/docs/step-ca.

2. On the command line with `step help ca xxx` where `xxx` is the subcommand
you are interested in. Ex: `step help ca provisioner list`.

3. In your browser, by running `step help --http=:8080 ca` from the command line
and visiting http://localhost:8080.

4. The [docs](./docs/README.md) folder is being deprecated, but it still has some documentation and tutorials.

## Feedback?

* Tell us what you like and don't like about managing your PKI - we're eager to help solve problems in this space.
* Tell us about a feature you'd like to see! [Add a feature request Issue](https://github.com/smallstep/certificates/issues/new?assignees=&labels=enhancement%2C+needs+triage&template=enhancement.md&title=), [ask on Discussions](https://github.com/smallstep/certificates/discussions), or hit us up on [Twitter](https://twitter.com/smallsteplabs).
first pass at README 2018-11-01 07:46:13 +00:00			`# Step Certificates`

Round 2 of README updates 2020-07-20 21:10:36 +00:00			`step-ca` is an online certificate authority for secure, automated certificate management. It's the server counterpart to the [`step` CLI tool](https://github.com/smallstep/cli).
Review and polish README * Break out getting-started guide * add quickstart guide * update gif * remove table of contents and remove with top bar links 2019-02-19 00:00:16 +00:00
First stab at a README update 😱 2020-07-09 01:42:43 +00:00			`You can use it to:`
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`- Issue X.509 certificates for your internal infrastructure:`
			`- HTTPS certificates that [work in browsers](https://smallstep.com/blog/step-v0-8-6-valid-HTTPS-certificates-for-dev-pre-prod.html) ([RFC5280](https://tools.ietf.org/html/rfc5280) and [CA/Browser Forum](https://cabforum.org/baseline-requirements-documents/) compliance)`
			`- TLS certificates for VMs, containers, APIs, mobile clients, database connections, printers, wifi networks, toaster ovens...`
			`- Client certificates to [enable mutual TLS (mTLS)](https://smallstep.com/hello-mtls) in your infra. mTLS is an optional feature in TLS where both client and server authenticate each other. Why add the complexity of a VPN when you can safely use mTLS over the public internet?`
			`- Issue SSH certificates:`
			`- For people, in exchange for single sign-on ID tokens`
			`- For hosts, in exchange for cloud instance identity documents`
			`- Easily automate certificate management:`
			`- It's an ACME v2 server`
			`- It has a JSON API`
			`- It comes with a [Go wrapper](./examples#user-content-basic-client-usage)`
			`- ... and there's a [command-line client](https://github.com/smallstep/cli) you can use in scripts!`

Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			Whatever your use case, `step-ca` is easy to use and hard to misuse, thanks to [safe, sane defaults](https://smallstep.com/docs/step-ca/certificate-authority-server-production#sane-cryptographic-defaults).
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
Add Certificate Manager notice for the pragmatic folks 2021-08-25 16:54:22 +00:00			`---`

			`Don't want to run your own CA?`
			To get up and running quickly, or as an alternative to running your own `step-ca` server, consider creating a [free hosted smallstep Certificate Manager authority](https://info.smallstep.com/certificate-manager-early-access-mvp/).

			`---`

Update README.md 2021-10-20 22:53:04 +00:00			`Questions? Find us in [Discussions](https://github.com/smallstep/certificates/discussions) or [Join our Discord](https://u.step.sm/discord).`
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
First stab at a README update 😱 2020-07-09 01:42:43 +00:00			`[Website](https://smallstep.com/certificates) \|`
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			`[Documentation](https://smallstep.com/docs) \|`
Updates to README * forward installation and quickstart to website * remove quickstart completely as it's a copy of the getting started 2021-04-06 19:58:36 +00:00			`[Installation](https://smallstep.com/docs/step-ca/installation) \|`
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			`[Getting Started](https://smallstep.com/docs/step-ca/getting-started) \|`
			`[Contributor's Guide](./docs/CONTRIBUTING.md)`
Review and polish README * Break out getting-started guide * add quickstart guide * update gif * remove table of contents and remove with top bar links 2019-02-19 00:00:16 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases/latest)`
Review and polish README * Break out getting-started guide * add quickstart guide * update gif * remove table of contents and remove with top bar links 2019-02-19 00:00:16 +00:00			`[![Go Report Card](https://goreportcard.com/badge/github.com/smallstep/certificates)](https://goreportcard.com/report/github.com/smallstep/certificates)`
Update build status svg and link to github actions 2022-09-14 17:53:30 +00:00			`[![Build Status](https://github.com/smallstep/certificates/actions/workflows/test.yml/badge.svg)](https://github.com/smallstep/certificates)`
Review and polish README * Break out getting-started guide * add quickstart guide * update gif * remove table of contents and remove with top bar links 2019-02-19 00:00:16 +00:00			`[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)`
			`[![CLA assistant](https://cla-assistant.io/readme/badge/smallstep/certificates)](https://cla-assistant.io/smallstep/certificates)`
first pass at README 2018-11-01 07:46:13 +00:00
Added github badges 2019-02-16 01:47:20 +00:00			`[![GitHub stars](https://img.shields.io/github/stars/smallstep/certificates.svg?style=social)](https://github.com/smallstep/certificates/stargazers)`
			`[![Twitter followers](https://img.shields.io/twitter/follow/smallsteplabs.svg?label=Follow&style=social)](https://twitter.com/intent/follow?screen_name=smallsteplabs)`

Star gif 2021-12-07 18:02:44 +00:00			`![star us](https://github.com/smallstep/certificates/raw/master/docs/images/star.gif)`

Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00			`## Features`

Round 2 of README updates 2020-07-20 21:10:36 +00:00			`### 🦾 A fast, stable, flexible private CA`

			Setting up a public key infrastructure (PKI) is out of reach for many small teams. `step-ca` makes it easier.
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`- Choose key types (RSA, ECDSA, EdDSA) and lifetimes to suit your needs`
			`- [Short-lived certificates](https://smallstep.com/blog/passive-revocation.html) with automated enrollment, renewal, and passive revocation`
First stab at a README update 😱 2020-07-09 01:42:43 +00:00			`- Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries`
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			`- Can operate as [an online intermediate CA for an existing root CA](https://smallstep.com/docs/tutorials/intermediate-ca-new-ca)`
add Postgres to available databases in README 2022-04-12 22:21:18 +00:00			`- [Badger, BoltDB, Postgres, and MySQL database backends](https://smallstep.com/docs/step-ca/configuration#databases)`
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
Fix RHEL/CentOS install docs 2020-09-17 03:53:58 +00:00			`### ⚙️ Many ways to automate`
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`There are several ways to authorize a request with the CA and establish a chain of trust that suits your flow.`
First stab at a README update 😱 2020-07-09 01:42:43 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`You can issue certificates in exchange for:`
			`- [ACME challenge responses](#your-own-private-acme-server) from any ACMEv2 client`
			`- [OAuth OIDC single sign-on tokens](https://smallstep.com/blog/easily-curl-services-secured-by-https-tls.html), eg:`
			`- ID tokens from Okta, GSuite, Azure AD, Auth0.`
			`- ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)`
			`- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure`
README link fixes 2021-07-19 18:05:01 +00:00			`- [Single-use, short-lived JWK tokens](https://smallstep.com/docs/step-ca/provisioners#jwk) issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.`
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`- A trusted X.509 certificate (X5C provisioner)`
Update README.md 2022-06-30 17:27:05 +00:00			`- A host certificate from your Nebula network`
Update README.md * Add SCEP support * Fix ACME tutorial URLs 2021-10-19 23:53:41 +00:00			`- A SCEP challenge (SCEP provisioner)`
			`- An SSH host certificates needing renewal (the SSHPOP provisioner)`
README link fixes 2021-07-19 18:05:01 +00:00			`- Learn more in our [provisioner documentation](https://smallstep.com/docs/step-ca/provisioners)`
Added ACME support to features list 2019-09-17 16:52:36 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`### 🏔 Your own private ACME server`
First stab at a README update 😱 2020-07-09 01:42:43 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS certificates. It's _super easy_ to issue certificates to any ACMEv2 ([RFC8555](https://tools.ietf.org/html/rfc8555)) client.`
First stab at a README update 😱 2020-07-09 01:42:43 +00:00
			`- [Use ACME in development & pre-production](https://smallstep.com/blog/private-acme-server/#local-development--pre-production)`
WIP readme changes 2020-07-13 16:28:46 +00:00			`- Supports the most popular [ACME challenge types](https://letsencrypt.org/docs/challenge-types/):`
			- For `http-01`, place a token at a well-known URL to prove that you control the web server
			- For `dns-01`, add a `TXT` record to prove that you control the DNS record set
			- For `tls-alpn-01`, respond to the challenge at the TLS layer ([as Caddy does](https://caddy.community/t/caddy-supports-the-acme-tls-alpn-challenge/4860)) to prove that you control the web server

First stab at a README update 😱 2020-07-09 01:42:43 +00:00			`- Works with any ACME client. We've written examples for:`
Update README.md * Add SCEP support * Fix ACME tutorial URLs 2021-10-19 23:53:41 +00:00			`- [certbot](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#certbot)`
			`- [acme.sh](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#acmesh)`
			`- [win-acme](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#win-acme)`
			`- [Caddy](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#caddy-v2)`
			`- [Traefik](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#traefik)`
			`- [Apache](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#apache)`
			`- [nginx](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#nginx)`
First stab at a README update 😱 2020-07-09 01:42:43 +00:00			`- Get certificates programmatically using ACME, using these libraries:`
Update README.md * Add SCEP support * Fix ACME tutorial URLs 2021-10-19 23:53:41 +00:00			- [`lego`](https://github.com/go-acme/lego) for Golang ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#golang))
			- certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#python))
			- [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#node))
README: Fix url to step cli tool 2020-08-20 14:43:05 +00:00			- Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client!
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			`- See our [ACME tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more`
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`### 👩🏽‍💻 An online SSH Certificate Authority`
Added SSH certs to features 2019-09-16 04:27:04 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			- Delegate SSH authentication to `step-ca` by using [SSH certificates](https://smallstep.com/blog/use-ssh-certificates/) instead of public keys and `authorized_keys` files
			`- For user certificates, [connect SSH to your single sign-on provider](https://smallstep.com/blog/diy-single-sign-on-for-ssh/), to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider.`
			`- For host certificates, improve security, [eliminate TOFU warnings](https://smallstep.com/blog/use-ssh-certificates/), and set up automated host certificate renewal.`
Added SSH certs to features 2019-09-16 04:27:04 +00:00
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			### 🤓 A general purpose PKI tool, via [`step` CLI](https://github.com/smallstep/cli) [integration](https://smallstep.com/docs/step-cli/reference/ca/)
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
			`- Generate key pairs where they're needed so private keys are never transmitted across the network`
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			- [Authenticate and obtain a certificate](https://smallstep.com/docs/step-cli/reference/ca/certificate/) using any provisioner supported by `step-ca`
			`- Securely [distribute root certificates](https://smallstep.com/docs/step-cli/reference/ca/root/) and [bootstrap](https://smallstep.com/docs/step-cli/reference/ca/bootstrap/) PKI relying parties`
			- [Renew](https://smallstep.com/docs/step-cli/reference/ca/renew/) and [revoke](https://smallstep.com/docs/step-cli/reference/ca/revoke/) certificates issued by `step-ca`
			`- [Install root certificates](https://smallstep.com/docs/step-cli/reference/certificate/install/) on your machine and browsers, so your CA is trusted`
			`- [Inspect](https://smallstep.com/docs/step-cli/reference/certificate/inspect/) and [lint](https://smallstep.com/docs/step-cli/reference/certificate/lint/) certificates`
Updated README with features & a bunch of cleanup 2019-08-28 18:58:53 +00:00
Updates to README * forward installation and quickstart to website * remove quickstart completely as it's a copy of the getting started 2021-04-06 19:58:36 +00:00			`## Installation`
first pass at README 2018-11-01 07:46:13 +00:00
Updates to README * forward installation and quickstart to website * remove quickstart completely as it's a copy of the getting started 2021-04-06 19:58:36 +00:00			`See our installation docs [here](https://smallstep.com/docs/step-ca/installation).`
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
Review and polish README * Break out getting-started guide * add quickstart guide * update gif * remove table of contents and remove with top bar links 2019-02-19 00:00:16 +00:00			`## Documentation`
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
docs sub repo update 2019-04-30 00:50:30 +00:00			`Documentation can be found in a handful of different places:`
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			`1. On the web at https://smallstep.com/docs/step-ca.`
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
Fix help command indication 2020-02-08 11:31:49 +00:00			2. On the command line with `step help ca xxx` where `xxx` is the subcommand
			you are interested in. Ex: `step help ca provisioner list`.
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			3. In your browser, by running `step help --http=:8080 ca` from the command line
docs sub repo update 2019-04-30 00:50:30 +00:00			`and visiting http://localhost:8080.`
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
Update READMEs with links to new docs 2020-10-27 23:20:45 +00:00			`4. The [docs](./docs/README.md) folder is being deprecated, but it still has some documentation and tutorials.`
Bunch of typos and misformatting 2019-06-11 15:28:43 +00:00
Round 2 of README updates 2020-07-20 21:10:36 +00:00			`## Feedback?`
Add section on hardening and securing the CA. 2018-11-21 06:30:13 +00:00
Change Gitter links to GH Discussions tab 2020-09-23 23:36:37 +00:00			`* Tell us what you like and don't like about managing your PKI - we're eager to help solve problems in this space.`
			`* Tell us about a feature you'd like to see! [Add a feature request Issue](https://github.com/smallstep/certificates/issues/new?assignees=&labels=enhancement%2C+needs+triage&template=enhancement.md&title=), [ask on Discussions](https://github.com/smallstep/certificates/discussions), or hit us up on [Twitter](https://twitter.com/smallsteplabs).`