🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.25.0_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.25.0_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.25.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.25.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.3-rc.5_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.3-rc.5_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.3-rc.5_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.3-rc.5!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.3-rc.4_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.3-rc.4_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.3-rc.4_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.3-rc.4!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.3-rc.3_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.3-rc.3_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.3-rc.3_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.3-rc.3!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.3-rc.2_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.3-rc.2_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.3-rc.2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.3-rc.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.3-rc1_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.3-rc1_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.3-rc1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.3-rc1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.2_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.2_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.1_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.1_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.0_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.0_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
~/Downloads/step-ca_darwin_0.24.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
--certificate ~/Downloads/step-ca_darwin_0.24.0-rc.2_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_0.24.0-rc.2_amd64.tar.gz.sig \
~/Downloads/step-ca_darwin_0.24.0-rc.2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Those were the changes on v0.24.0-rc.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.