@ -103,270 +102,9 @@ ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS cer
- [Install root certificates](https://smallstep.com/docs/step-cli/reference/certificate/install/) on your machine and browsers, so your CA is trusted
- [Inspect](https://smallstep.com/docs/step-cli/reference/certificate/inspect/) and [lint](https://smallstep.com/docs/step-cli/reference/certificate/lint/) certificates
## Installation Guide
## Installation
These instructions will install an OS specific version of the `step-ca` binary on
your local machine.
Want to build from source? See [our contributor's guide](./docs/CONTRIBUTING.md)
### Mac OS
Install `step` and `step-ca` together, via [Homebrew](https://brew.sh/):
```
$ brew install step
```
### Linux
> **Note:** The [`step` CLI tool](https://github.com/smallstep/cli) is the easiest way to initialize, configure, and control `step-ca`. While `step` is not technically required to run `step-ca`, it is very much recommended.
Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.</code></pre>
This command will:
- Generate [password protected](https://github.com/smallstep/certificates/blob/master/docs/GETTING_STARTED.md#passwords) private keys for your CA to sign certificates
- Generate a root and [intermediate signing certificate](https://security.stackexchange.com/questions/128779/why-is-it-more-secure-to-use-intermediate-ca-certificates) for your CA
- Create a JSON configuration file for `step-ca` (see [configuration docs](https://smallstep.com/docs/step-ca/configuration) for details)
You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
#### 2. Start `step-ca`:
You'll be prompted for your password from the previous step, to decrypt the CA's private signing key:
Serial Number: 140439335711218707689123407681832384336 (0x69a7a1d7f6f22f68059d2d9088307750)
Signature Algorithm: ECDSA-SHA256
Issuer: CN=Example Inc. Intermediate CA
Validity
Not Before: Feb 18 21:32:35 2019 UTC
Not After : Feb 19 21:32:35 2019 UTC
Subject: CN=localhost
...
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 207035091234452090159026162349261226844 (0x9bc18217bd560cf07db23178ed90835c)
Signature Algorithm: ECDSA-SHA256
Issuer: CN=Example Inc. Root CA
Validity
Not Before: Feb 18 21:27:21 2019 UTC
Not After : Feb 15 21:27:21 2029 UTC
Subject: CN=Example Inc. Intermediate CA
...</code></pre>
Note that `step` and `step-ca` handle details like [certificate bundling](https://smallstep.com/blog/everything-pki.html#intermediates-chains-and-bundling) for you.
#### 5. Run the simple server.
<pre><code><b>$ go run srv.go &</b></code></pre>
#### 6. Get the root certificate from the Step CA.
In a new Terminal window:
<pre><code><b>$ step ca root root.crt</b>
The root certificate has been saved in root.crt.</code></pre>
#### 7. Make an authenticated, encrypted curl request to your server using HTTP over TLS.