
tocproject.toc.pki

CA server installation and configuration.

See also:

* Intermediate CA - The Secure Way

step ca token <subject>

keeper$ step ca token --password-file --san intermediate.pass worker.thor.toc
step ca certificate <subject> <crt-file> <key-file>

worker$ step ca certificate worker.thor.toc worker.thor.toc.crt worker.thor.toc.key --token $TOKEN --ca-url https://ca.thor.toc:4443
worker$ step ca renew worker.thor.toc.crt worker.thor.toc.key --ca-url https://ca.thor.toc:4443 --root ./root.crt --force

Variables

Target step version.

# Target step release; quoted so the version is never read as a number.
toc_pki_version: '0.27.2'
Controller directory path to store step-dedicated offline secrets.
# Controller-side directory for step-dedicated offline secrets, rooted at toc_root.
toc_pki_secrets_dir: '{{ toc_root }}/step_ca'

# Root CA public certificate, read on the controller at evaluation time from the
# offline secrets tree via the file lookup. Only root_ca.crt is read here; the
# root private key is never loaded by this variable.
toc_pki_root_ca_public_cert: >-
  {{
    lookup('file', toc_pki_secrets_dir + '/root/certs/root_ca.crt')
  }}
Controller directory path to store the offline root CA.
# Controller-side directory holding the offline root CA, below the secrets dir.
toc_pki_local_offline_root_local_dir: '{{ toc_pki_secrets_dir }}/root'
User holding data and CA daemon ownership.
# Account that owns the CA data and runs the CA daemon.
toc_pki_user:
  name: 'step-ca'
  group: 'step-ca'
  # Pinned numeric ids for the account and its primary group.
  uid: 893
  gid: 893
  home: '{{ toc_pki_home_dir }}'
  # NOTE(review): supplementary group; on Debian-family hosts, ssl-cert membership
  # usually grants read access below /etc/ssl/private — confirm the daemon needs it.
  groups:
    - 'ssl-cert'

# Inventory group of the hosts holding the intermediate CA.
toc_pki_intermediate_ca_inventory_group: 'toc_keepers'

# Certificate entries managed by the role; empty list by default (the item
# schema is defined elsewhere in the role — TODO confirm before adding entries).
toc_pki_certs: []

# NOTE(review): presumably forces renewal of every entry in toc_pki_certs when
# true, regardless of remaining lifetime — confirm against the role's tasks.
toc_pki_renew_all: false