Versions:
step-ca 0.30.2, developed by Smallstep, is a compact, cloud-native private certificate authority that issues both X.509 and SSH credentials through automated protocols such as ACME, OIDC, and SCEP. Designed for DevOps, platform, and security teams, the tool eliminates manual CSR workflows by exposing a lightweight REST API that can be embedded in CI/CD pipelines, container orchestrators, or configuration-management playbooks. Typical use cases include enabling mutual TLS inside Kubernetes clusters, issuing short-lived SSH host and user certificates to replace static SSH keys, powering internal ACME-compatible load balancers or service meshes, and supporting SCEP enrollment for mobile or IoT fleets. Because the server can be driven entirely through declarative JSON/YAML templates, administrators can define hierarchical certificate policies, custom SAN rules, and fine-grained renewal windows without touching OpenSSL command lines. The same binary also acts as an online SSH CA, signing user and host public keys so that fleets can rotate certificates hourly while central auditing and revocation remain straightforward. Since its first public appearance the project has evolved through nineteen numbered releases, each narrowing the gap between public-trust PKI best practices and internal, firewalled environments. The current 0.30.2 build ships with improved ACME order validation, updated SCEP encryption suites, and tighter OIDC integration for popular identity providers. step-ca is available for free on get.nero.com, where downloads are delivered through trusted Windows package sources such as winget, always providing the latest version and supporting batch installation of multiple applications.
Tags: