Update READMEs with links to new docs

This commit is contained in:
Carl Tashian 2020-10-27 16:20:45 -07:00
parent fb18e5afc4
commit 80beff6ce3
2 changed files with 34 additions and 33 deletions

View file

@ -16,16 +16,16 @@ You can use it to:
- It comes with a [Go wrapper](./examples#user-content-basic-client-usage) - It comes with a [Go wrapper](./examples#user-content-basic-client-usage)
- ... and there's a [command-line client](https://github.com/smallstep/cli) you can use in scripts! - ... and there's a [command-line client](https://github.com/smallstep/cli) you can use in scripts!
Whatever your use case, `step-ca` is easy to use and hard to misuse, thanks to [safe, sane defaults](./docs/defaults.md). Whatever your use case, `step-ca` is easy to use and hard to misuse, thanks to [safe, sane defaults](https://smallstep.com/docs/step-ca/certificate-authority-server-production#sane-cryptographic-defaults).
**Questions? Find us in [Discussions](https://github.com/smallstep/certificates/discussions).** **Questions? Find us in [Discussions](https://github.com/smallstep/certificates/discussions).**
[Website](https://smallstep.com/certificates) | [Website](https://smallstep.com/certificates) |
[Documentation](#documentation) | [Documentation](https://smallstep.com/docs) |
[Installation Guide](#installation-guide) | [Installation Guide](#installation-guide) |
[Quickstart](#quickstart) | [Quickstart](#quickstart) |
[Getting Started](./docs/GETTING_STARTED.md) | [Getting Started](https://smallstep.com/docs/step-ca/getting-started) |
[Contribution Guide](./docs/CONTRIBUTING.md) [Contributor's Guide](./docs/CONTRIBUTING.md)
[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases/latest) [![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases/latest)
[![CA Image](https://images.microbadger.com/badges/image/smallstep/step-ca.svg)](https://microbadger.com/images/smallstep/step-ca) [![CA Image](https://images.microbadger.com/badges/image/smallstep/step-ca.svg)](https://microbadger.com/images/smallstep/step-ca)
@ -46,8 +46,8 @@ Setting up a *public key infrastructure* (PKI) is out of reach for many small te
- Choose key types (RSA, ECDSA, EdDSA) and lifetimes to suit your needs - Choose key types (RSA, ECDSA, EdDSA) and lifetimes to suit your needs
- [Short-lived certificates](https://smallstep.com/blog/passive-revocation.html) with automated enrollment, renewal, and passive revocation - [Short-lived certificates](https://smallstep.com/blog/passive-revocation.html) with automated enrollment, renewal, and passive revocation
- Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries - Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries
- Can operate as [an online intermediate CA](./docs/questions.md#i-already-have-pki-in-place-can-i-use-this-with-my-own-root-certificate) for an existing root CA - Can operate as [an online intermediate CA for an existing root CA](https://smallstep.com/docs/tutorials/intermediate-ca-new-ca)
- [Badger, BoltDB, and MySQL database backends](https://github.com/smallstep/certificates/blob/master/docs/database.md) - [Badger, BoltDB, and MySQL database backends](https://smallstep.com/docs/step-ca/configuration#databases)
### ⚙️ Many ways to automate ### ⚙️ Many ways to automate
@ -59,10 +59,10 @@ You can issue certificates in exchange for:
- ID tokens from Okta, GSuite, Azure AD, Auth0. - ID tokens from Okta, GSuite, Azure AD, Auth0.
- ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex) - ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)
- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure - [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure
- [Single-use, short-lived JWK tokens](https://smallstep.com/docs/design-document/#jwk-provisioner) issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc. - [Single-use, short-lived JWK tokens]() issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.
- A trusted X.509 certificate (X5C provisioner) - A trusted X.509 certificate (X5C provisioner)
- Expiring SSH host certificates needing rotation (the SSHPOP provisioner) - Expiring SSH host certificates needing rotation (the SSHPOP provisioner)
- Learn more in our [provisioner documentation](./docs/provisioners.md) - Learn more in our [provisioner documentation](https://smallstep.com/docs/step-ca/configuration#jwk)
### 🏔 Your own private ACME server ### 🏔 Your own private ACME server
@ -86,7 +86,7 @@ ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS cer
- certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/blog/private-acme-server/#pythonuploadsacme-pythonpng-python-example)) - certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/blog/private-acme-server/#pythonuploadsacme-pythonpng-python-example))
- [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/blog/private-acme-server/#nodejsuploadsacme-node-jspng-nodejs-example)) - [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/blog/private-acme-server/#nodejsuploadsacme-node-jspng-nodejs-example))
- Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client! - Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client!
- See our [ACME docs](https://smallstep.com/blog/private-acme-server/) for more - See our [ACME tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more
### 👩🏽‍💻 An online SSH Certificate Authority ### 👩🏽‍💻 An online SSH Certificate Authority
@ -94,14 +94,14 @@ ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS cer
- For user certificates, [connect SSH to your single sign-on provider](https://smallstep.com/blog/diy-single-sign-on-for-ssh/), to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider. - For user certificates, [connect SSH to your single sign-on provider](https://smallstep.com/blog/diy-single-sign-on-for-ssh/), to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider.
- For host certificates, improve security, [eliminate TOFU warnings](https://smallstep.com/blog/use-ssh-certificates/), and set up automated host certificate renewal. - For host certificates, improve security, [eliminate TOFU warnings](https://smallstep.com/blog/use-ssh-certificates/), and set up automated host certificate renewal.
### 🤓 A general purpose PKI tool, via [`step` CLI](https://github.com/smallstep/cli) [integration](https://smallstep.com/docs/cli/ca/) ### 🤓 A general purpose PKI tool, via [`step` CLI](https://github.com/smallstep/cli) [integration](https://smallstep.com/docs/step-cli/reference/ca/)
- Generate key pairs where they're needed so private keys are never transmitted across the network - Generate key pairs where they're needed so private keys are never transmitted across the network
- [Authenticate and obtain a certificate](https://smallstep.com/docs/cli/ca/certificate/) using any provisioner supported by `step-ca` - [Authenticate and obtain a certificate](https://smallstep.com/docs/step-cli/reference/ca/certificate/) using any provisioner supported by `step-ca`
- Securely [distribute root certificates](https://smallstep.com/docs/cli/ca/root/) and [bootstrap](https://smallstep.com/docs/cli/ca/bootstrap/) PKI relying parties - Securely [distribute root certificates](https://smallstep.com/docs/step-cli/reference/ca/root/) and [bootstrap](https://smallstep.com/docs/step-cli/reference/ca/bootstrap/) PKI relying parties
- [Renew](https://smallstep.com/docs/cli/ca/renew/) and [revoke](https://smallstep.com/docs/cli/ca/revoke/) certificates issued by `step-ca` - [Renew](https://smallstep.com/docs/step-cli/reference/ca/renew/) and [revoke](https://smallstep.com/docs/step-cli/reference/ca/revoke/) certificates issued by `step-ca`
- [Install root certificates](https://smallstep.com/docs/cli/certificate/install/) on your machine and browsers, so your CA is trusted - [Install root certificates](https://smallstep.com/docs/step-cli/reference/certificate/install/) on your machine and browsers, so your CA is trusted
- [Inspect](https://smallstep.com/docs/cli/certificate/inspect/) and [lint](https://smallstep.com/docs/cli/certificate/lint/) certificates - [Inspect](https://smallstep.com/docs/step-cli/reference/certificate/inspect/) and [lint](https://smallstep.com/docs/step-cli/reference/certificate/lint/) certificates
## Installation Guide ## Installation Guide
@ -118,11 +118,11 @@ $ brew install step
### Linux ### Linux
> **Note:** Though it's not required, you will probably also want the [`step` CLI tool](https://github.com/smallstep/cli#installation-guide). > **Note:** The [`step` CLI tool](https://github.com/smallstep/cli) is the easiest way to initialize, configure, and control `step-ca`. While `step` is not technically required to run `step-ca`, it is very much recommended.
#### Debian #### Debian
1. [Optional] Install `step`. 1. Install `step`.
Download the Debian package from the Download the Debian package from the
[latest `step` release](https://github.com/smallstep/cli/releases/latest): [latest `step` release](https://github.com/smallstep/cli/releases/latest):
@ -156,14 +156,14 @@ $ brew install step
We are using the [Arch User Repository](https://aur.archlinux.org) to distribute We are using the [Arch User Repository](https://aur.archlinux.org) to distribute
`step` binaries for Arch Linux. `step` binaries for Arch Linux.
* [Optional] The `step` binary tarball can be found [here](https://aur.archlinux.org/packages/step-cli-bin/). * The `step` binary tarball can be found [here](https://aur.archlinux.org/packages/step-cli-bin/).
* The `step-ca` binary tarball can be found [here](https://aur.archlinux.org/packages/step-ca-bin/). * The `step-ca` binary tarball can be found [here](https://aur.archlinux.org/packages/step-ca-bin/).
You can use [pacman](https://www.archlinux.org/pacman/) to install the packages. You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
#### RHEL/CentOS #### RHEL/CentOS
1. [Optional] Install `step`. 1. Install `step`.
Download the Linux tarball from the Download the Linux tarball from the
[latest `step` release](https://github.com/smallstep/cli/releases/latest): [latest `step` release](https://github.com/smallstep/cli/releases/latest):
@ -194,7 +194,7 @@ You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
$ sudo cp step-certificates_X.Y.Z/bin/step-ca /usr/bin $ sudo cp step-certificates_X.Y.Z/bin/step-ca /usr/bin
``` ```
See the [`systemctl` setup section](./docs/GETTING_STARTED.md#systemctl) for a See the [`systemctl` setup section](https://smallstep.com/docs/step-ca/certificate-authority-server-production#running-step-ca-as-a-daemon) for a
guide on configuring `step-ca` as a daemon. guide on configuring `step-ca` as a daemon.
### Kubernetes ### Kubernetes
@ -213,7 +213,7 @@ helm install step-certificates
### Docker ### Docker
See our [Docker getting started guide](./docs/docker.md) See our [Docker getting started guide](https://smallstep.com/docs/tutorials/docker-tls-certificate-authority)
### Test ### Test
@ -272,7 +272,7 @@ This command will:
- Generate [password protected](https://github.com/smallstep/certificates/blob/master/docs/GETTING_STARTED.md#passwords) private keys for your CA to sign certificates - Generate [password protected](https://github.com/smallstep/certificates/blob/master/docs/GETTING_STARTED.md#passwords) private keys for your CA to sign certificates
- Generate a root and [intermediate signing certificate](https://security.stackexchange.com/questions/128779/why-is-it-more-secure-to-use-intermediate-ca-certificates) for your CA - Generate a root and [intermediate signing certificate](https://security.stackexchange.com/questions/128779/why-is-it-more-secure-to-use-intermediate-ca-certificates) for your CA
- Create a JSON configuration file for `step-ca` (see [getting started](./docs/GETTING_STARTED.md) for details) - Create a JSON configuration file for `step-ca` (see [configuration docs](https://smallstep.com/docs/step-ca/configuration) for details)
You can find these artifacts in `$STEPPATH` (or `~/.step` by default). You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
@ -370,16 +370,15 @@ and best practices on running Step CA in production.
Documentation can be found in a handful of different places: Documentation can be found in a handful of different places:
1. The [docs](./docs/README.md) sub-repo has an index of documentation and tutorials. 1. On the web at https://smallstep.com/docs/step-ca.
2. On the command line with `step help ca xxx` where `xxx` is the subcommand 2. On the command line with `step help ca xxx` where `xxx` is the subcommand
you are interested in. Ex: `step help ca provisioner list`. you are interested in. Ex: `step help ca provisioner list`.
3. On the web at https://smallstep.com/docs/certificates. 3. In your browser, by running `step help --http=:8080 ca` from the command line
4. On your browser by running `step help --http=:8080 ca` from the command line
and visiting http://localhost:8080. and visiting http://localhost:8080.
4. The [docs](./docs/README.md) folder is being deprecated, but it still has some documentation and tutorials.
## Feedback? ## Feedback?

View file

@ -1,5 +1,7 @@
# Step Certificates Documentation # Step Certificates Documentation
## Note: Much of [our documentation has moved](https://smallstep.com/docs)
Index of Documentation and Tutorials for using and deploying the `step certificates`. Index of Documentation and Tutorials for using and deploying the `step certificates`.
[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases) [![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases)
@ -16,18 +18,18 @@ Index of Documentation and Tutorials for using and deploying the `step certifica
* **General Info** * **General Info**
* [Website](https://smallstep.com) * [Website](https://smallstep.com)
* [Installation Guide](../README.md#installation-guide) * [Installation Guide](https://smallstep.com/docs/step-ca/installation)
* [Getting Started](./GETTING_STARTED.md): in depth guide on getting started * [Getting Started](https://smallstep.com/docs/step-ca/getting-started): in depth guide on getting started
with `step certificates`, including all configuration options. with `step-ca`, including all configuration options.
* [Contribution Guide](./CONTRIBUTING.md) * [Contributor's Guide](./CONTRIBUTING.md)
* [Sane Defaults](./defaults.md): default algorithms and attributes used * [Sane Defaults](https://smallstep.com/docs/step-ca/certificate-authority-server-production#sane-cryptographic-defaults): default algorithms and attributes used
in cryptographic primitives and why they were selected. in cryptographic primitives and why they were selected.
* [Frequently Asked Questions](./questions.md) * [Frequently Asked Questions](./questions.md)
* Check out our [Blog](https://smallstep.com/blog/). We post quality * Check out our [Blog](https://smallstep.com/blog/). We post quality
educational content as well as periodic updates on new releases. educational content as well as periodic updates on new releases.
* **API**: Guides to using the API via the `step` CLI. * **API**: Guides to using the API via the `step` CLI.
* [Revoking Certificates](./revocation.md) * [Revoking Certificates](https://smallstep.com/docs/step-ca/certificate-authority-server-production#x509-certificate-revocation)
* [Persistence Layer](./database.md): description and guide to using `step certificates`' * [Persistence Layer](https://smallstep.com/docs/step-ca/configuration#databases): description and guide to using `step certificates`'
persistence layer for storing certificate management metadata. persistence layer for storing certificate management metadata.
* **Tutorials**: Guides for deploying and getting started with `step` in various environments. * **Tutorials**: Guides for deploying and getting started with `step` in various environments.
* [Docker](./docker.md) * [Docker](./docker.md)