π£ step CLIΒΆ
Thereβs an official step CLI documentation, but here are the most common CLI commands.
Single subject certificateΒΆ
To get a new certificate with a single subject:
step ca certificate {Subject} cert.crt cert.key
Hint
If multiple provisioners are available, you can select it interactively.
To explicitly define a provisioner, use the --provisioner={provisioner} CLI argument.
Multiple SAN certificateΒΆ
To get a new certificate with multiple SANs:
step ca certificate {Subject} cert.crt cert.key \
--san {Subject} \
--san {SANβ¦} \
--san {SANβ¦}
Important
The subject needs to be included in the SANs as well.
Convert PKCS #12ΒΆ
To convert a certificate with its private key to a PKCS #12:
# Via step CLI (not compatible with macOS keychain).
step certificate p12 cert.p12 cert.crt cert.key
# Via OpenSSL (compatible with macOS keychain).
openssl pkcs12 -export -legacy -out cert.p12 -inkey cert.key -in cert.crt
See also
Please read the PKCS #12 incompatibility chapter if you want to know more about the PKCS #12 issues (on macOS).