> Note: If you have installed `step` previously through the `smallstep/smallstep`
> tap you will need to run the following commands before installing:
>
>
> ```
> $ brew untap smallstep/smallstep
> $ brew uninstall step
@ -177,23 +177,20 @@ You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
#### RHEL/CentOS
There are a few subtle yet important things to getting this setup, at the time of this writing the package cannot be installed via yum (its a feature request). So this is how we setup this on RHEL following some best practices.
Install `step-ca` by unzipping and copying the executable over to `/usr/bin`:
```
$ tar -xf step-ca.tar.gz
$ cd step-certificates_X.Y.Z/bin/
$ mv step-ca /usr/bin
```
3. Now your users can call the step and step-ca commands, create a 'smallstep' user that doesn't have login permitted and will only be used as a service user for systemctl to manage this service.
```
$ useradd smallstep
$ passwd -l smallstep
```
This creates a home directory for smallstep, as root sudo to the smallstep user, and perform the getting-started steps to setup the CA on this box as that user, we chose to put the password in a file in this example but you can mess with other solutions, we then made this systemctl service file
The following are a few example commands you can use to check the status,
enable on restart, and start your `systemctl` service.
```
# Check the current status of the `step-ca` service
$ systemctl status step-ca
# Configure the `step-ca` process to startup on reboot automatically
$ systemctl enable step-ca
# Start the `step-ca` service.
$ systemctl start smallstep
```
## Configure Your Environment
**Note**: Configuring your environment is only necessary for remote servers
@ -442,7 +485,9 @@ types of certs. Each of these provisioners must have unique keys.
## Use Custom Claims for Provisioners to Control Certificate Validity etc
It's possible to configure provisioners on the CA to issue certs using properties specific to their target environments. Most commonly different validity periods and disabling renewals for certs. Here's how:
It's possible to configure provisioners on the CA to issue certs using
properties specific to their target environments. Most commonly different
validity periods and disabling renewals for certs. Here's how: