table of contents
STEP-PKCS11-INIT(1) | User Commands | STEP-PKCS11-INIT(1) |
NAME¶
step-pkcs11-init - initialize PKI for step-ca
DESCRIPTION¶
The step-pkcs11-init command initializes a public key infrastructure (PKI) to be used by step-ca.
This tool is experimental and in the future it will be integrated in step cli.
OPTIONS¶
-crt-cert string
- PKCS #11 URI with object id and label to store the intermediate certificate. (default "pkcs11:id=7331;object=intermediate-cert")
-crt-key string
- PKCS #11 URI with object id and label to store the intermediate certificate. (default "pkcs11:id=7331;object=intermediate-key")
-force
- Force the delete of previous keys.
-key string
- Path to the root key to use.
-kms string
- PKCS #11 URI with the module-path and token to connect to the module. (default "pkcs11:module-path=/usr/lib/x86_64-linux-gnu/pkcs11/yubihsm_pkcs11.so;token=YubiHSM")
-no-certs
- Do not store certificates in the module.
-pin string
- PKCS #11 PIN
-root string
- Path to the root certificate to use.
-root-cert string
- PKCS #11 URI with object id and label to store the root certificate. (default "pkcs11:id=7330;object=root-cert")
-root-key string
- PKCS #11 URI with object id and label to store the root key. (default "pkcs11:id=7330;object=root-key")
-root-only
- Store only only the root certificate and sign and intermediate.
-ssh
- Enable the creation of ssh keys.
-ssh-host-key string
- PKCS #11 URI with object id and label to store the key used to sign SSH host certificates. (default "pkcs11:id=7332;object=ssh-host-key")
-ssh-user-key string
- PKCS #11 URI with object id and label to store the key used to sign SSH user certificates. (default "pkcs11:id=7333;object=ssh-user-key")
COPYRIGHT¶
(c) 2018-2020 Smallstep Labs, Inc.
AUTHOR¶
This manpage was written by Peymaneh Nejad for the Debian distribution and can be used for any other usage of the program.
August 2021 | step-pkcs11-init 0.15.15 |