forked from TrueCloudLab/certificates
Update READMEs with links to new docs
parent
fb18e5afc4
commit
80beff6ce3
2 changed files with 34 additions and 33 deletions
51
README.md
|
@ -16,16 +16,16 @@ You can use it to:
|
||||||
- It comes with a [Go wrapper](./examples#user-content-basic-client-usage)
|
- It comes with a [Go wrapper](./examples#user-content-basic-client-usage)
|
||||||
- ... and there's a [command-line client](https://github.com/smallstep/cli) you can use in scripts!
|
- ... and there's a [command-line client](https://github.com/smallstep/cli) you can use in scripts!
|
||||||
|
|
||||||
Whatever your use case, `step-ca` is easy to use and hard to misuse, thanks to [safe, sane defaults](./docs/defaults.md).
|
Whatever your use case, `step-ca` is easy to use and hard to misuse, thanks to [safe, sane defaults](https://smallstep.com/docs/step-ca/certificate-authority-server-production#sane-cryptographic-defaults).
|
||||||
|
|
||||||
**Questions? Find us in [Discussions](https://github.com/smallstep/certificates/discussions).**
|
**Questions? Find us in [Discussions](https://github.com/smallstep/certificates/discussions).**
|
||||||
|
|
||||||
[Website](https://smallstep.com/certificates) |
|
[Website](https://smallstep.com/certificates) |
|
||||||
[Documentation](#documentation) |
|
[Documentation](https://smallstep.com/docs) |
|
||||||
[Installation Guide](#installation-guide) |
|
[Installation Guide](#installation-guide) |
|
||||||
[Quickstart](#quickstart) |
|
[Quickstart](#quickstart) |
|
||||||
[Getting Started](./docs/GETTING_STARTED.md) |
|
[Getting Started](https://smallstep.com/docs/step-ca/getting-started) |
|
||||||
[Contribution Guide](./docs/CONTRIBUTING.md)
|
[Contributor's Guide](./docs/CONTRIBUTING.md)
|
||||||
|
|
||||||
[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases/latest)
|
[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases/latest)
|
||||||
[![CA Image](https://images.microbadger.com/badges/image/smallstep/step-ca.svg)](https://microbadger.com/images/smallstep/step-ca)
|
[![CA Image](https://images.microbadger.com/badges/image/smallstep/step-ca.svg)](https://microbadger.com/images/smallstep/step-ca)
|
||||||
|
@ -46,8 +46,8 @@ Setting up a *public key infrastructure* (PKI) is out of reach for many small te
|
||||||
- Choose key types (RSA, ECDSA, EdDSA) and lifetimes to suit your needs
|
- Choose key types (RSA, ECDSA, EdDSA) and lifetimes to suit your needs
|
||||||
- [Short-lived certificates](https://smallstep.com/blog/passive-revocation.html) with automated enrollment, renewal, and passive revocation
|
- [Short-lived certificates](https://smallstep.com/blog/passive-revocation.html) with automated enrollment, renewal, and passive revocation
|
||||||
- Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries
|
- Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries
|
||||||
- Can operate as [an online intermediate CA](./docs/questions.md#i-already-have-pki-in-place-can-i-use-this-with-my-own-root-certificate) for an existing root CA
|
- Can operate as [an online intermediate CA for an existing root CA](https://smallstep.com/docs/tutorials/intermediate-ca-new-ca)
|
||||||
- [Badger, BoltDB, and MySQL database backends](https://github.com/smallstep/certificates/blob/master/docs/database.md)
|
- [Badger, BoltDB, and MySQL database backends](https://smallstep.com/docs/step-ca/configuration#databases)
|
||||||
|
|
||||||
### ⚙️ Many ways to automate
|
### ⚙️ Many ways to automate
|
||||||
|
|
||||||
|
@ -59,10 +59,10 @@ You can issue certificates in exchange for:
|
||||||
- ID tokens from Okta, GSuite, Azure AD, Auth0.
|
- ID tokens from Okta, GSuite, Azure AD, Auth0.
|
||||||
- ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)
|
- ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)
|
||||||
- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure
|
- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure
|
||||||
- [Single-use, short-lived JWK tokens](https://smallstep.com/docs/design-document/#jwk-provisioner) issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.
|
- [Single-use, short-lived JWK tokens]() issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.
|
||||||
- A trusted X.509 certificate (X5C provisioner)
|
- A trusted X.509 certificate (X5C provisioner)
|
||||||
- Expiring SSH host certificates needing rotation (the SSHPOP provisioner)
|
- Expiring SSH host certificates needing rotation (the SSHPOP provisioner)
|
||||||
- Learn more in our [provisioner documentation](./docs/provisioners.md)
|
- Learn more in our [provisioner documentation](https://smallstep.com/docs/step-ca/configuration#jwk)
|
||||||
|
|
||||||
### 🏔 Your own private ACME server
|
### 🏔 Your own private ACME server
|
||||||
|
|
||||||
|
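Review bot: the new JWK tokens bullet has an empty link target, `[Single-use, short-lived JWK tokens]()`, where the old line pointed at the design document's JWK provisioner section; give it a destination or drop the link markup. In the same hunk the general "provisioner documentation" link now ends in `#jwk`, which lands the reader on a single provisioner rather than on documentation covering the OIDC, X5C and SSHPOP options listed in the bullets above it.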
@ -86,7 +86,7 @@ ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS cer
|
||||||
- certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/blog/private-acme-server/#pythonuploadsacme-pythonpng-python-example))
|
- certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/blog/private-acme-server/#pythonuploadsacme-pythonpng-python-example))
|
||||||
- [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/blog/private-acme-server/#nodejsuploadsacme-node-jspng-nodejs-example))
|
- [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/blog/private-acme-server/#nodejsuploadsacme-node-jspng-nodejs-example))
|
||||||
- Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client!
|
- Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client!
|
||||||
- See our [ACME docs](https://smallstep.com/blog/private-acme-server/) for more
|
- See our [ACME tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more
|
||||||
|
|
||||||
### 👩🏽💻 An online SSH Certificate Authority
|
### 👩🏽💻 An online SSH Certificate Authority
|
||||||
|
|
||||||
|
@ -94,14 +94,14 @@ ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS cer
|
||||||
- For user certificates, [connect SSH to your single sign-on provider](https://smallstep.com/blog/diy-single-sign-on-for-ssh/), to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider.
|
- For user certificates, [connect SSH to your single sign-on provider](https://smallstep.com/blog/diy-single-sign-on-for-ssh/), to improve security with short-lived certificates and MFA (or other security policies) via any OAuth OIDC provider.
|
||||||
- For host certificates, improve security, [eliminate TOFU warnings](https://smallstep.com/blog/use-ssh-certificates/), and set up automated host certificate renewal.
|
- For host certificates, improve security, [eliminate TOFU warnings](https://smallstep.com/blog/use-ssh-certificates/), and set up automated host certificate renewal.
|
||||||
|
|
||||||
### 🤓 A general purpose PKI tool, via [`step` CLI](https://github.com/smallstep/cli) [integration](https://smallstep.com/docs/cli/ca/)
|
### 🤓 A general purpose PKI tool, via [`step` CLI](https://github.com/smallstep/cli) [integration](https://smallstep.com/docs/step-cli/reference/ca/)
|
||||||
|
|
||||||
- Generate key pairs where they're needed so private keys are never transmitted across the network
|
- Generate key pairs where they're needed so private keys are never transmitted across the network
|
||||||
- [Authenticate and obtain a certificate](https://smallstep.com/docs/cli/ca/certificate/) using any provisioner supported by `step-ca`
|
- [Authenticate and obtain a certificate](https://smallstep.com/docs/step-cli/reference/ca/certificate/) using any provisioner supported by `step-ca`
|
||||||
- Securely [distribute root certificates](https://smallstep.com/docs/cli/ca/root/) and [bootstrap](https://smallstep.com/docs/cli/ca/bootstrap/) PKI relying parties
|
- Securely [distribute root certificates](https://smallstep.com/docs/step-cli/reference/ca/root/) and [bootstrap](https://smallstep.com/docs/step-cli/reference/ca/bootstrap/) PKI relying parties
|
||||||
- [Renew](https://smallstep.com/docs/cli/ca/renew/) and [revoke](https://smallstep.com/docs/cli/ca/revoke/) certificates issued by `step-ca`
|
- [Renew](https://smallstep.com/docs/step-cli/reference/ca/renew/) and [revoke](https://smallstep.com/docs/step-cli/reference/ca/revoke/) certificates issued by `step-ca`
|
||||||
- [Install root certificates](https://smallstep.com/docs/cli/certificate/install/) on your machine and browsers, so your CA is trusted
|
- [Install root certificates](https://smallstep.com/docs/step-cli/reference/certificate/install/) on your machine and browsers, so your CA is trusted
|
||||||
- [Inspect](https://smallstep.com/docs/cli/certificate/inspect/) and [lint](https://smallstep.com/docs/cli/certificate/lint/) certificates
|
- [Inspect](https://smallstep.com/docs/step-cli/reference/certificate/inspect/) and [lint](https://smallstep.com/docs/step-cli/reference/certificate/lint/) certificates
|
||||||
|
|
||||||
## Installation Guide
|
## Installation Guide
|
||||||
|
|
||||||
|
@ -118,11 +118,11 @@ $ brew install step
|
||||||
|
|
||||||
### Linux
|
### Linux
|
||||||
|
|
||||||
> **Note:** Though it's not required, you will probably also want the [`step` CLI tool](https://github.com/smallstep/cli#installation-guide).
|
> **Note:** The [`step` CLI tool](https://github.com/smallstep/cli) is the easiest way to initialize, configure, and control `step-ca`. While `step` is not technically required to run `step-ca`, it is very much recommended.
|
||||||
|
|
||||||
#### Debian
|
#### Debian
|
||||||
|
|
||||||
1. [Optional] Install `step`.
|
1. Install `step`.
|
||||||
|
|
||||||
Download the Debian package from the
|
Download the Debian package from the
|
||||||
[latest `step` release](https://github.com/smallstep/cli/releases/latest):
|
[latest `step` release](https://github.com/smallstep/cli/releases/latest):
|
||||||
|
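Review bot: in Debian step 1, dropping `[Optional]` makes "Install `step`" read as a hard requirement, while the rewritten note a few lines above still says `step` is "not technically required" to run `step-ca`. Consider a marker such as `[Recommended]` so the numbered step and the note agree; the same applies to the RHEL/CentOS step changed later in this file.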
@ -156,14 +156,14 @@ $ brew install step
|
||||||
We are using the [Arch User Repository](https://aur.archlinux.org) to distribute
|
We are using the [Arch User Repository](https://aur.archlinux.org) to distribute
|
||||||
`step` binaries for Arch Linux.
|
`step` binaries for Arch Linux.
|
||||||
|
|
||||||
* [Optional] The `step` binary tarball can be found [here](https://aur.archlinux.org/packages/step-cli-bin/).
|
* The `step` binary tarball can be found [here](https://aur.archlinux.org/packages/step-cli-bin/).
|
||||||
* The `step-ca` binary tarball can be found [here](https://aur.archlinux.org/packages/step-ca-bin/).
|
* The `step-ca` binary tarball can be found [here](https://aur.archlinux.org/packages/step-ca-bin/).
|
||||||
|
|
||||||
You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
|
You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
|
||||||
|
|
||||||
#### RHEL/CentOS
|
#### RHEL/CentOS
|
||||||
|
|
||||||
1. [Optional] Install `step`.
|
1. Install `step`.
|
||||||
|
|
||||||
Download the Linux tarball from the
|
Download the Linux tarball from the
|
||||||
[latest `step` release](https://github.com/smallstep/cli/releases/latest):
|
[latest `step` release](https://github.com/smallstep/cli/releases/latest):
|
||||||
|
@ -194,7 +194,7 @@ You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
|
||||||
$ sudo cp step-certificates_X.Y.Z/bin/step-ca /usr/bin
|
$ sudo cp step-certificates_X.Y.Z/bin/step-ca /usr/bin
|
||||||
```
|
```
|
||||||
|
|
||||||
See the [`systemctl` setup section](./docs/GETTING_STARTED.md#systemctl) for a
|
See the [`systemctl` setup section](https://smallstep.com/docs/step-ca/certificate-authority-server-production#running-step-ca-as-a-daemon) for a
|
||||||
guide on configuring `step-ca` as a daemon.
|
guide on configuring `step-ca` as a daemon.
|
||||||
|
|
||||||
### Kubernetes
|
### Kubernetes
|
||||||
|
@ -213,7 +213,7 @@ helm install step-certificates
|
||||||
|
|
||||||
### Docker
|
### Docker
|
||||||
|
|
||||||
See our [Docker getting started guide](./docs/docker.md)
|
See our [Docker getting started guide](https://smallstep.com/docs/tutorials/docker-tls-certificate-authority)
|
||||||
|
|
||||||
### Test
|
### Test
|
||||||
|
|
||||||
|
@ -272,7 +272,7 @@ This command will:
|
||||||
|
|
||||||
- Generate [password protected](https://github.com/smallstep/certificates/blob/master/docs/GETTING_STARTED.md#passwords) private keys for your CA to sign certificates
|
- Generate [password protected](https://github.com/smallstep/certificates/blob/master/docs/GETTING_STARTED.md#passwords) private keys for your CA to sign certificates
|
||||||
- Generate a root and [intermediate signing certificate](https://security.stackexchange.com/questions/128779/why-is-it-more-secure-to-use-intermediate-ca-certificates) for your CA
|
- Generate a root and [intermediate signing certificate](https://security.stackexchange.com/questions/128779/why-is-it-more-secure-to-use-intermediate-ca-certificates) for your CA
|
||||||
- Create a JSON configuration file for `step-ca` (see [getting started](./docs/GETTING_STARTED.md) for details)
|
- Create a JSON configuration file for `step-ca` (see [configuration docs](https://smallstep.com/docs/step-ca/configuration) for details)
|
||||||
|
|
||||||
You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
|
You can find these artifacts in `$STEPPATH` (or `~/.step` by default).
|
||||||
|
|
||||||
|
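Review bot: the "password protected" bullet at the top of this hunk still links to `docs/GETTING_STARTED.md#passwords` on GitHub, although the bullet two lines below it is moved off `./docs/GETTING_STARTED.md` in this same change. That bullet is where a reader learns how the CA private keys are protected, so it should point at the new docs as well rather than at a file in the folder this change describes as being deprecated.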
@ -370,16 +370,15 @@ and best practices on running Step CA in production.
|
||||||
|
|
||||||
Documentation can be found in a handful of different places:
|
Documentation can be found in a handful of different places:
|
||||||
|
|
||||||
1. The [docs](./docs/README.md) sub-repo has an index of documentation and tutorials.
|
1. On the web at https://smallstep.com/docs/step-ca.
|
||||||
|
|
||||||
2. On the command line with `step help ca xxx` where `xxx` is the subcommand
|
2. On the command line with `step help ca xxx` where `xxx` is the subcommand
|
||||||
you are interested in. Ex: `step help ca provisioner list`.
|
you are interested in. Ex: `step help ca provisioner list`.
|
||||||
|
|
||||||
3. On the web at https://smallstep.com/docs/certificates.
|
3. In your browser, by running `step help --http=:8080 ca` from the command line
|
||||||
|
|
||||||
4. On your browser by running `step help --http=:8080 ca` from the command line
|
|
||||||
and visiting http://localhost:8080.
|
and visiting http://localhost:8080.
|
||||||
|
|
||||||
|
4. The [docs](./docs/README.md) folder is being deprecated, but it still has some documentation and tutorials.
|
||||||
|
|
||||||
## Feedback?
|
## Feedback?
|
||||||
|
|
||||||
|
|
|
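Review bot: in the reworded item 3, `--http=:8080` gives a port with no host part, while the following line sends the reader to http://localhost:8080. As the line is being edited anyway, say that the help server is meant for local use, or show an address with an explicit loopback host so the command and the URL match.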
@ -1,5 +1,7 @@
|
||||||
# Step Certificates Documentation
|
# Step Certificates Documentation
|
||||||
|
|
||||||
|
## Note: Much of [our documentation has moved](https://smallstep.com/docs)
|
||||||
|
|
||||||
Index of Documentation and Tutorials for using and deploying the `step certificates`.
|
Index of Documentation and Tutorials for using and deploying the `step certificates`.
|
||||||
|
|
||||||
[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases)
|
[![GitHub release](https://img.shields.io/github/release/smallstep/certificates.svg)](https://github.com/smallstep/certificates/releases)
|
||||||
|
@ -16,18 +18,18 @@ Index of Documentation and Tutorials for using and deploying the `step certifica
|
||||||
|
|
||||||
* **General Info**
|
* **General Info**
|
||||||
* [Website](https://smallstep.com)
|
* [Website](https://smallstep.com)
|
||||||
* [Installation Guide](../README.md#installation-guide)
|
* [Installation Guide](https://smallstep.com/docs/step-ca/installation)
|
||||||
* [Getting Started](./GETTING_STARTED.md): in depth guide on getting started
|
* [Getting Started](https://smallstep.com/docs/step-ca/getting-started): in depth guide on getting started
|
||||||
with `step certificates`, including all configuration options.
|
with `step-ca`, including all configuration options.
|
||||||
* [Contribution Guide](./CONTRIBUTING.md)
|
* [Contributor's Guide](./CONTRIBUTING.md)
|
||||||
* [Sane Defaults](./defaults.md): default algorithms and attributes used
|
* [Sane Defaults](https://smallstep.com/docs/step-ca/certificate-authority-server-production#sane-cryptographic-defaults): default algorithms and attributes used
|
||||||
in cryptographic primitives and why they were selected.
|
in cryptographic primitives and why they were selected.
|
||||||
* [Frequently Asked Questions](./questions.md)
|
* [Frequently Asked Questions](./questions.md)
|
||||||
* Check out our [Blog](https://smallstep.com/blog/). We post quality
|
* Check out our [Blog](https://smallstep.com/blog/). We post quality
|
||||||
educational content as well as periodic updates on new releases.
|
educational content as well as periodic updates on new releases.
|
||||||
* **API**: Guides to using the API via the `step` CLI.
|
* **API**: Guides to using the API via the `step` CLI.
|
||||||
* [Revoking Certificates](./revocation.md)
|
* [Revoking Certificates](https://smallstep.com/docs/step-ca/certificate-authority-server-production#x509-certificate-revocation)
|
||||||
* [Persistence Layer](./database.md): description and guide to using `step certificates`'
|
* [Persistence Layer](https://smallstep.com/docs/step-ca/configuration#databases): description and guide to using `step certificates`'
|
||||||
persistence layer for storing certificate management metadata.
|
persistence layer for storing certificate management metadata.
|
||||||
* **Tutorials**: Guides for deploying and getting started with `step` in various environments.
|
* **Tutorials**: Guides for deploying and getting started with `step` in various environments.
|
||||||
* [Docker](./docker.md)
|
* [Docker](./docker.md)
|
||||||
|
|
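Review bot: naming is now mixed within this list: the Getting Started entry was changed to `step-ca`, but the Persistence Layer entry edited in the same hunk still says `step certificates`'. Use one name throughout. The Docker entry also still points at `./docker.md`, while the README part of this change sends readers to the hosted Docker tutorial instead; link both to the same place.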