Install step-ca using Winget - wingetCollections
Use this command to install step-ca:
winget install --id=Smallstep.step-ca -e
A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management.
step-ca is a private certificate authority (X.509 & SSH) and ACME server designed to provide secure, automated certificate management for DevOps teams and security professionals.
Key Features:
Issues HTTPS server and client certificates compliant with RFC5280 and CA/Browser Forum standards.
Manages TLS certificates for DevOps use cases, including VMs, containers, APIs, databases, and Kubernetes pods.
Supports SSH certificate issuance for user authentication via single sign-on (SSO) tokens or host identity documents.
Enables automated enrollment, renewal, and passive revocation with short-lived certificates.
Integrates with multiple provisioners, including OAuth OIDC, ACME, cloud instance identities, and SCEP.
Acts as an ACME server compatible with popular clients like certbot, acme.sh, and Caddy.
Audience & Benefit:
Ideal for DevOps teams, security engineers, and organizations seeking to simplify certificate lifecycle management. step-ca helps automate PKI operations, reduce manual overhead, and enhance security by enabling short-lived certificates and seamless integration with existing identity providers and infrastructure tools. It supports both X.509 and SSH use cases, making it a versatile solution for modern DevOps environments.
step-ca can be installed via winget, ensuring easy setup and deployment.
README
step-ca is an online certificate authority for secure, automated certificate management for DevOps.
It's the server counterpart to the step CLI tool for working with certificates and keys.
Both projects are maintained by Smallstep Labs.
You can use step-ca to:
Issue HTTPS server and client certificates that work in browsers (RFC5280 and CA/Browser Forum compliance)
Issue TLS certificates for DevOps: VMs, containers, APIs, database connections, Kubernetes pods...
Issue SSH certificates:
For people, in exchange for single sign-on identity tokens
For hosts, in exchange for cloud instance identity documents
Easily automate certificate management:
Comparison with Smallstep's commercial product
step-ca is optimized for a two-tier PKI serving common DevOps use cases.
As you design your PKI, if you need any of the following, consider our commercial CA:
Multiple certificate authorities
Active revocation (CRL, OCSP)
Turnkey high-volume, high availability CA
An API for seamless IaC management of your PKI
Integrated support for SCEP & NDES, for migrating from legacy Active Directory Certificate Services deployments
Device identity: cross-platform device inventory and attestation using Secure Enclave & TPM 2.0
Highly automated PKI: managed certificate renewal, monitoring, TPM-based attested enrollment
Seamless client deployments of EAP-TLS Wi-Fi, VPN, SSH, and browser certificates
Jamf, Intune, or other MDM for root distribution and client enrollment
Web Admin UI: history, issuance, and metrics
ACME External Account Binding (EAB)
Deep integration with an identity provider
Fine-grained, role-based access control
FIPS-compliant software
HSM-bound private keys
Features
A fast, stable, flexible private CA
Setting up a public key infrastructure (PKI) is out of reach for many small teams. step-ca makes it easier.
Many ways to automate
There are several ways to authorize a request with the CA and establish a chain of trust that suits your flow.
You can issue certificates in exchange for:
ACME challenge responses from any ACMEv2 client
OAuth OIDC single sign-on tokens, e.g.:
ID tokens from Okta, GSuite, Azure AD, Auth0.
ID tokens from an OAuth OIDC service that you host, like Keycloak or Dex
Cloud instance identity documents, for VMs on AWS, GCP, and Azure
Single-use, short-lived JWK tokens issued by your CD tool: Puppet, Chef, Ansible, Terraform, etc.
A trusted X.509 certificate (X5C provisioner)
A host certificate from your Nebula network
A SCEP challenge (SCEP provisioner)
An SSH host certificate needing renewal (the SSHPOP provisioner)
Learn more in our provisioner documentation
Your own private ACME server
ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS certificates. It's super easy to issue certificates to any ACMEv2 (RFC8555) client.
Use ACME in development & pre-production
Supports the most popular ACME challenge types:
For http-01, place a token at a well-known URL to prove that you control the web server
For dns-01, add a TXT record to prove that you control the DNS record set
For tls-alpn-01, respond to the challenge at the TLS layer (as Caddy does) to prove that you control the web server
Works with any ACME client. We've written examples for:
Get certificates programmatically using ACME, using these libraries:
Our own step CLI tool is also an ACME client!
See our ACME tutorial for more
An online SSH Certificate Authority
Delegate SSH authentication to step-ca by using SSH certificates instead of public keys and authorized_keys files
For user certificates, connect SSH to your single sign-on provider, to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider.
For host certificates, improve security, eliminate TOFU warnings, and set up automated host certificate renewal.
Installation
See our installation docs here.
Documentation