step-ca

Identity

• Binary: step-ca (the CA server), step (the CLI client)
• Config: $(step path)/config/ca.json — typically ~/.step/config/ca.json or /etc/step-ca/config/ca.json when running as a service
• Root CA cert: $(step path)/certs/root_ca.crt
• Intermediate cert: $(step path)/certs/intermediate_ca.crt
• Service: step-ca.service (systemd) or a Docker container
• Default port: 9000 (configurable in ca.json → address)
• Logs: journalctl -u step-ca (systemd) or container stdout

Key Operations