Certificates Versions Save

πŸ›‘οΈ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

v0.26.0

1 month ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.26.0_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.26.0_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.26.0_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 395a3eeb Update go.step.sm/crypto (#1781)
  • 4772d7cc Merge pull request #1780 from smallstep/herman/update-changelog-20240328
  • 854288a0 Update changelog for v0.26.0 release
  • 4016b69b Merge pull request #1776 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.12.2
  • b5b723e8 Merge pull request #1775 from smallstep/dependabot/go_modules/google.golang.org/api-0.171.0
  • 0a6e79a7 Merge pull request #1778 from smallstep/dependabot/github_actions/dependabot/fetch-metadata-2.0.0
  • 9d86361a Bump github.com/hashicorp/vault/api from 1.12.1 to 1.12.2
  • 7e053437 Merge pull request #1774 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.1
  • 014b4ef2 Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0
  • 21734f77 Bump google.golang.org/api from 0.169.0 to 0.171.0
  • 927cd97b Bump go.step.sm/crypto from 0.43.1 to 0.44.1

Thanks!

Those were the changes on v0.26.0!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

v0.26.0-rc2

1 month ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.26.0-rc2_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.26.0-rc2_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.26.0-rc2_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 2650944d Merge pull request #1773 from smallstep/herman/cosign-2.x
  • 7888d868 Use --yes to acknowledge user prompts for cosign signing

Thanks!

Those were the changes on v0.26.0-rc2!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

v0.26.0-rc1

1 month ago

v0.25.3-rc7

1 month ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.25.3-rc7_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.25.3-rc7_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.25.3-rc7_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 1583e53c Merge branch 'master' into wire-acme-extensions
  • ec223c1c Merge pull request #1748 from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.9.0
  • b7e3e0be Merge pull request #1746 from smallstep/dependabot/go_modules/google.golang.org/api-0.167.0
  • 022deaf6 Merge pull request #1749 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.19.0
  • 5853c732 Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
  • cf0d6f8f Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
  • 69c7ca98 Bump google.golang.org/api from 0.165.0 to 0.167.0
  • 755ae0b7 Fix Wire mock CA interface implementation
  • 364566bb Merge branch 'master' into wire-acme-extensions
  • 10aa48c7 Merge pull request #1743 from smallstep/herman/improve-request-id
  • 2a47644d Fix linting issue
  • d392c169 Improve functional coverage of request ID integration test
  • 7fd524f7 Default to generating request IDs using UUIDv4 format in CA
  • 0898c6db Use UUIDv4 as automatically generated client request identifier
  • 0d5c692b Merge pull request #1744 from smallstep/carl/readme-updates
  • cd3e91b1 Updated README
  • b9d6bfc1 Cleanup CA client tests by removing smallstep/assert
  • 532b9df0 Improve CA client request ID handling
  • 06696e64 Move user ID handling to userid package
  • 7e5f1092 Decouple request ID middleware from logging middleware
  • 535e2a96 Fix the e2e request ID test (again)
  • b83b8aa0 Make random TCP address reservation more contained
  • 2255857b Fix client shadowing and e2e request ID test case
  • 5c2572c4 Add support for user provider X-Request-Id header value
  • cf8a5015 Add a basic e2e test for X-Request-Id reflection
  • fb4cd6fe fix: Webhook-related instruments
  • a58f5956 Add reflection of request ID in X-Request-Id response header
  • c798735f Merge pull request #1542 from smallstep/herman/webhook-request-id
  • c1c2e734 Add X-Request-Id to all requests made by our CA clients
  • 4213a190 Use X-Request-Id as canonical request identifier (if available)
  • 041b486c Remove usages of Sign without context
  • c16a0b70 Remove smallstep/assert and pkg/errors from webhook tests
  • 96895087 Add tests for webhook request IDs
  • 2a8b80a3 Merge branch 'master' into herman/webhook-request-id
  • 6ce502c5 Merge pull request #1741 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.2
  • 0d2aeff9 Merge pull request #1739 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.62.0
  • 5ee2e027 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2
  • e4bbe897 Bump google.golang.org/grpc from 1.61.0 to 1.62.0
  • 98a976b5 Merge pull request #1740 from smallstep/dependabot/go_modules/github.com/fxamacker/cbor/v2-2.6.0
  • a583b59e Merge pull request #1738 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.12.2
  • 0b196b0b Bump github.com/fxamacker/cbor/v2 from 2.5.0 to 2.6.0
  • fa941dc9 Bump github.com/googleapis/gax-go/v2 from 2.12.0 to 2.12.2
  • bb6aae0d Merge pull request #1736 from patsevanton/master
  • c2dfe595 Π‘orrection of spelling errors
  • 0d4f53f5 Merge branch 'master' into wire-acme-extensions
  • e968275a Merge pull request #1729 from patsevanton/master
  • 7e1b93b6 Update examples/README.md
  • dc577e22 Merge pull request #1724 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.30.0
  • 3a2b4268 Bump github.com/newrelic/go-agent/v3 from 3.29.1 to 3.30.0
  • f7554a0a Merge pull request #1725 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/kubernetes-0.6.0
  • 685e107b Merge pull request #1726 from smallstep/dependabot/go_modules/google.golang.org/api-0.165.0
  • 0a074cb8 Spelling errors and punctuation have been corrected
  • 8e1f5385 Bump google.golang.org/api from 0.160.0 to 0.165.0
  • e6491ca2 Merge pull request #1727 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.1
  • 507f4d04 Bump go.step.sm/crypto from 0.43.0 to 0.43.1
  • 2ffc9081 Bump github.com/hashicorp/vault/api/auth/kubernetes from 0.5.0 to 0.6.0
  • 0a97e1bd Merge branch 'master' into wire-acme-extensions
  • bb296c9d Merge pull request #1708 from smallstep/herman/csr-expires-header
  • bd99db00 Merge pull request #1685 from venkyg-sec/allow_custom_tls_config
  • 503e5046 Merge branch 'master' into allow_custom_tls_config
  • beea482a Fix linter errors in ca/ca.go
  • 073fcb7e Merge pull request #1684 from venkyg-sec/allow_external_x509_ca_service_intf
  • ac773ff4 Merge branch 'master' into allow_external_x509_ca_service_intf
  • 9fcdd3ff Fix format warnings on ca/ca.go
  • 3dbb4aad Change CRL unavailable case to HTTP 404
  • 5d865b28 Merge pull request #1715 from rvichery/aws-ca-west-1-iid-certificate
  • ee44ac10 fixup! Add AWS ca-west-1 identity document certificate
  • aaf5a1c9 Merge branch 'master' into wire-acme-extensions
  • 490d065c Merge pull request #1713 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/approle-0.6.0
  • 283d46d9 Add AWS ca-west-1 identity document certificate
  • a3bed409 Bump github.com/hashicorp/vault/api/auth/approle from 0.5.0 to 0.6.0
  • d174e788 Merge pull request #1712 from smallstep/dependabot/go_modules/golang.org/x/net-0.21.0
  • 5f91441d Merge pull request #1711 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.5
  • a32dade7 Bump golang.org/x/net from 0.20.0 to 0.21.0
  • b9db4e3f Bump cloud.google.com/go/longrunning from 0.5.4 to 0.5.5
  • c76dad8a Improve tests for CRL HTTP handler
  • 69f5f8d8 Use stretchr/testify instead of smallstep/assert for tests
  • d1deb7f9 Add Expires header to CRL response
  • 95fdbc18 Merge pull request #1691 from smallstep/herman/wire-acme-improvements
  • 194341e5 Address review comments
  • 745017cf Add test for OIDC auto discovery configuration
  • 138c1013 Add validation for Wire UserID + DeviceID identifiers
  • 5d7e5330 Add validation of name in DPoP token
  • 2e783011 Simplify the DPoP target provider functionality
  • c6a66228 Improve test coverage for Wire authorizations
  • ef657d7d Fix OIDC target
  • e153be36 Replace smallstep/assert with stretchr/testify for ACME provisioner
  • 37a9f363 Merge branch 'wire-acme-extensions' into herman/wire-acme-improvements
  • 92b61915 Merge branch 'master' into wire-acme-extensions
  • 67246925 Merge pull request #1706 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.18.0
  • 6d29e8ad Merge pull request #1704 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.0
  • 05ccf846 Merge pull request #1705 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.5
  • 78522c75 Bump github.com/prometheus/client_golang from 1.15.1 to 1.18.0
  • 053d05b4 Bump cloud.google.com/go/security from 1.15.4 to 1.15.5
  • 52093931 Bump go.step.sm/crypto from 0.42.1 to 0.43.0
  • e6d9208e Merge branch 'wire-acme-extensions' into herman/wire-acme-improvements
  • ace27c09 Merge branch 'master' into wire-acme-extensions
  • c5792392 Add basic support for OIDC provider instantiation through discovery
  • cd21f8d5 Refactor OIDC verifier instantation to happen only once
  • 19feae52 Add test for ACME initialization with Wire challenges
  • 59ea7312 Merge pull request #1693 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.11.0
  • 78d889a0 Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0
  • 2fcb33bd Merge pull request #1695 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.29.1
  • fe926e9a Merge pull request #1694 from smallstep/dependabot/go_modules/github.com/google/uuid-1.6.0
  • 8123d6a4 Merge pull request #1692 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.1
  • d9cf8aa6 Bump github.com/newrelic/go-agent/v3 from 3.29.0 to 3.29.1
  • eeaabbc4 Bump github.com/google/uuid from 1.5.0 to 1.6.0
  • 11220903 Bump go.step.sm/crypto from 0.42.0 to 0.42.1
  • 14e8d471 Skip Wire option validation and initialization if not enabled
  • 8a9b1b3f Move Wire option validation to provisioner initialization
  • 79943d2e Merge branch 'wire-acme-extensions' into herman/wire-acme-improvements
  • a0e4cba0 Merge branch 'master' into wire-acme-extensions
  • dd1ff9c1 Implementation of the Prometheus endpoint (#1669)
  • 4d4719a4 Change URLs used in DPoP template test
  • 356e7070 Allow usage of externally supplied TLS config
  • fbc1e895 Allow x509 Service CA implementation to be injected through ca and authority options
  • 6ee0d70b Add check for empty deviceID in target URI template evaluation
  • 4ef093dc Fix broken tests relying on Sign in mocks
  • 9e3807ea Use SignWithContext in the critical paths
  • 4e06bdbc Add SignWithContext method to authority and mocks
  • b2301ea1 Remove the webhook Do method
  • f3229d3e Propagate (original) request ID to webhook requests

Thanks!

Those were the changes on v0.25.3-rc7!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

v0.25.3-rc6

2 months ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.25.3-rc6_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.25.3-rc6_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.25.3-rc6_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • fb4cd6fe fix: Webhook-related instruments
  • c798735f Merge pull request #1542 from smallstep/herman/webhook-request-id
  • 041b486c Remove usages of Sign without context
  • c16a0b70 Remove smallstep/assert and pkg/errors from webhook tests
  • 96895087 Add tests for webhook request IDs
  • 2a8b80a3 Merge branch 'master' into herman/webhook-request-id
  • 6ce502c5 Merge pull request #1741 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.2
  • 0d2aeff9 Merge pull request #1739 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.62.0
  • 5ee2e027 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2
  • e4bbe897 Bump google.golang.org/grpc from 1.61.0 to 1.62.0
  • 98a976b5 Merge pull request #1740 from smallstep/dependabot/go_modules/github.com/fxamacker/cbor/v2-2.6.0
  • a583b59e Merge pull request #1738 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.12.2
  • 0b196b0b Bump github.com/fxamacker/cbor/v2 from 2.5.0 to 2.6.0
  • fa941dc9 Bump github.com/googleapis/gax-go/v2 from 2.12.0 to 2.12.2
  • bb6aae0d Merge pull request #1736 from patsevanton/master
  • c2dfe595 Π‘orrection of spelling errors
  • e968275a Merge pull request #1729 from patsevanton/master
  • 7e1b93b6 Update examples/README.md
  • dc577e22 Merge pull request #1724 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.30.0
  • 3a2b4268 Bump github.com/newrelic/go-agent/v3 from 3.29.1 to 3.30.0
  • f7554a0a Merge pull request #1725 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/kubernetes-0.6.0
  • 685e107b Merge pull request #1726 from smallstep/dependabot/go_modules/google.golang.org/api-0.165.0
  • 0a074cb8 Spelling errors and punctuation have been corrected
  • 8e1f5385 Bump google.golang.org/api from 0.160.0 to 0.165.0
  • e6491ca2 Merge pull request #1727 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.1
  • 507f4d04 Bump go.step.sm/crypto from 0.43.0 to 0.43.1
  • 2ffc9081 Bump github.com/hashicorp/vault/api/auth/kubernetes from 0.5.0 to 0.6.0
  • bb296c9d Merge pull request #1708 from smallstep/herman/csr-expires-header
  • bd99db00 Merge pull request #1685 from venkyg-sec/allow_custom_tls_config
  • 503e5046 Merge branch 'master' into allow_custom_tls_config
  • beea482a Fix linter errors in ca/ca.go
  • 073fcb7e Merge pull request #1684 from venkyg-sec/allow_external_x509_ca_service_intf
  • ac773ff4 Merge branch 'master' into allow_external_x509_ca_service_intf
  • 9fcdd3ff Fix format warnings on ca/ca.go
  • 3dbb4aad Change CRL unavailable case to HTTP 404
  • 5d865b28 Merge pull request #1715 from rvichery/aws-ca-west-1-iid-certificate
  • ee44ac10 fixup! Add AWS ca-west-1 identity document certificate
  • 490d065c Merge pull request #1713 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/approle-0.6.0
  • 283d46d9 Add AWS ca-west-1 identity document certificate
  • a3bed409 Bump github.com/hashicorp/vault/api/auth/approle from 0.5.0 to 0.6.0
  • d174e788 Merge pull request #1712 from smallstep/dependabot/go_modules/golang.org/x/net-0.21.0
  • 5f91441d Merge pull request #1711 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.5
  • a32dade7 Bump golang.org/x/net from 0.20.0 to 0.21.0
  • b9db4e3f Bump cloud.google.com/go/longrunning from 0.5.4 to 0.5.5
  • c76dad8a Improve tests for CRL HTTP handler
  • 69f5f8d8 Use stretchr/testify instead of smallstep/assert for tests
  • d1deb7f9 Add Expires header to CRL response
  • 67246925 Merge pull request #1706 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.18.0
  • 6d29e8ad Merge pull request #1704 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.0
  • 05ccf846 Merge pull request #1705 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.5
  • 78522c75 Bump github.com/prometheus/client_golang from 1.15.1 to 1.18.0
  • 053d05b4 Bump cloud.google.com/go/security from 1.15.4 to 1.15.5
  • 52093931 Bump go.step.sm/crypto from 0.42.1 to 0.43.0
  • 59ea7312 Merge pull request #1693 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.11.0
  • 78d889a0 Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0
  • 2fcb33bd Merge pull request #1695 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.29.1
  • fe926e9a Merge pull request #1694 from smallstep/dependabot/go_modules/github.com/google/uuid-1.6.0
  • 8123d6a4 Merge pull request #1692 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.1
  • d9cf8aa6 Bump github.com/newrelic/go-agent/v3 from 3.29.0 to 3.29.1
  • eeaabbc4 Bump github.com/google/uuid from 1.5.0 to 1.6.0
  • 11220903 Bump go.step.sm/crypto from 0.42.0 to 0.42.1
  • 356e7070 Allow usage of externally supplied TLS config
  • fbc1e895 Allow x509 Service CA implementation to be injected through ca and authority options
  • 4ef093dc Fix broken tests relying on Sign in mocks
  • 9e3807ea Use SignWithContext in the critical paths
  • 4e06bdbc Add SignWithContext method to authority and mocks
  • b2301ea1 Remove the webhook Do method
  • f3229d3e Propagate (original) request ID to webhook requests

Thanks!

Those were the changes on v0.25.3-rc6!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

v0.25.3-rc5

3 months ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.25.3-rc5_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.25.3-rc5_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.25.3-rc5_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • dd1ff9c1 Implementation of the Prometheus endpoint (#1669)
  • 27ea4de2 Merge pull request #1687 from smallstep/dependabot/go_modules/google.golang.org/api-0.157.0
  • b0833d79 Merge pull request #1686 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.0
  • bcaf8a56 Bump google.golang.org/api from 0.156.0 to 0.157.0
  • 18d3b7f6 Bump go.step.sm/crypto from 0.41.0 to 0.42.0

Thanks!

Those were the changes on v0.25.3-rc5!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

v0.25.3-rc4

3 months ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.25.3-rc4_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.25.3-rc4_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.25.3-rc4_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 675e418f Merge branch 'master' into wire-acme-extensions
  • 502334fd Merge pull request #1689 from smallstep/beltram/wire-acme-extensions
  • a38132aa Fix policy check for Wire user and device identifiers
  • 93ba1654 Fix tests to work with Wire UserID and DeviceID
  • 9eed61a9 use switch statement
  • b8eb559e Update acme/order.go
  • 27ea4de2 Merge pull request #1687 from smallstep/dependabot/go_modules/google.golang.org/api-0.157.0
  • b0833d79 Merge pull request #1686 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.0
  • bcaf8a56 Bump google.golang.org/api from 0.156.0 to 0.157.0
  • 18d3b7f6 Bump go.step.sm/crypto from 0.41.0 to 0.42.0
  • a3de984e fix: use 2 separate identifiers for Wire
  • 7e6356ec Merge pull request #1670 from smallstep/herman/remove-rusty-cli

Thanks!

Those were the changes on v0.25.3-rc4!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

v0.25.3-rc3

3 months ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.25.3-rc3_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.25.3-rc3_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.25.3-rc3_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 9cc3295a empty commit

Thanks!

Those were the changes on v0.25.3-rc3!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

v0.25.2

5 months ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate step-ca_darwin_0.25.2_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.25.2_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.25.2_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 7bfe11c6 Bump go.step.sm/crypto (#1635)
  • d34f0f6a Fix linter warnings (#1634)

Thanks!

Those were the changes on v0.25.2!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

v0.25.0

7 months ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-ca_darwin_0.25.0_amd64.tar.gz.sig.pem \
  --signature ~/Downloads/step-ca_darwin_0.25.0_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step-ca_darwin_0.25.0_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • 4e3b344 Update changelog for 0.25.0 release (#1561)

Thanks!

Those were the changes on v0.25.0!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.