NAME¶

step-pkcs11-init - initialize PKI for step-ca

DESCRIPTION¶

The step-pkcs11-init command initializes a public key infrastructure (PKI) to be used by step-ca.

This tool is experimental and in the future it will be integrated in step cli.

OPTIONS¶

-crt-cert string

PKCS #11 URI with object id and label to store the intermediate certificate. (default "pkcs11:id=7331;object=intermediate-cert")

-crt-key string

PKCS #11 URI with object id and label to store the intermediate certificate. (default "pkcs11:id=7331;object=intermediate-key")

-force

Force the delete of previous keys.

-key string

Path to the root key to use.

-kms string

PKCS #11 URI with the module-path and token to connect to the module. (default "pkcs11:module-path=/usr/lib/x86_64-linux-gnu/pkcs11/yubihsm_pkcs11.so;token=YubiHSM")

-no-certs

Do not store certificates in the module.

-pin string

PKCS #11 PIN

-root string

Path to the root certificate to use.

-root-cert string

PKCS #11 URI with object id and label to store the root certificate. (default "pkcs11:id=7330;object=root-cert")

-root-key string

PKCS #11 URI with object id and label to store the root key. (default "pkcs11:id=7330;object=root-key")

-root-only

Store only only the root certificate and sign and intermediate.

-ssh

Enable the creation of ssh keys.

-ssh-host-key string

PKCS #11 URI with object id and label to store the key used to sign SSH host certificates. (default "pkcs11:id=7332;object=ssh-host-key")

-ssh-user-key string

PKCS #11 URI with object id and label to store the key used to sign SSH user certificates. (default "pkcs11:id=7333;object=ssh-user-key")

COPYRIGHT¶

(c) 2018-2020 Smallstep Labs, Inc.

AUTHOR¶

This manpage was written by Peymaneh Nejad for the Debian distribution and can be used for any other usage of the program.