step ca renew. It has all sorts of useful flags that allow it to run as a daemon, periodically attempt renewal, etc.
In my GCP account, I have distributed an instance of Smallstep ACME Registration Authority for CAS to test the product. The sensations are very good; the deploy has been very fast and easy. Congratulations on the product. One question, can an ACME smallstep server only issue final certificates from a subCA generated in Google CAS? In other words, is the caCAS value unique? Can't it have several values? I mention this because if an enterprise's PKI infrastructure is generated in Google, it is very likely that it is made up of several SubCA's ( my on-premise PKI is made up of four SubCA's, for example, for compliance needs among others... ) Thank you.
step ca tokento work out the sort of token you'd want your server to generate.
step ca certificateusing
--tokento request a certificate from the CA using a token)
step-cabe an intermediate in that sort of setup.
error validating ACME Challenge at https://tinyca.lan/acme/acme/challenge/Rrk1iKFeEjDRkFu0w025Ogty17RsL2R0: client GET https://tinyca.lan/acme/acme/new-order failed: Post "https://tinyca.lan/acme/acme/challenge/Rrk1iKFeEjDRkFu0w025Ogty17RsL2R0": stream error: stream ID 17; INTERNAL_ERROR
ufwto allow only port 443 and also set my network's firewall rules accordingly, it should be secure enough... Ideally I'd like to be able to generate SSH certificates from anywhere (whether I'm at home, which is 90% of the time these days, or out) to connect to my hosts. I've tried using Cloudflare, but testing with the
step ca certificatecommand yielded
x509: certificate signed by unknown authorityerrors. I guess I could also setup VPN to my home network (where the CA is hosted) and connect via VPN for SSH cert generation once per day if I'm not home, too...