The short answer is no. Smallstep never stores your private keys, and we consider it a sensitive credential that's not stored in our database. In fact...

RSA keys require a minimum key size of 2048 bits. If unset, the default is 2048 bits for RSA keys and 128 bits for oct keys . Read more about using ...

Smallstep Certificate Manager is a commercial product built on step-ca . An important distinction is that with Smallstep Certificate Manager you hav...

Tokens are designed to be short-lived, and in Smallstep the longest life for a token is one hour.  The idea with the X5C provisioner is that you would...

Check out our blog on how to migrate from Microsoft AD CS to Smallstep.

🔎 Looking for the open-source step-ca version? This tutorial is designed specifically for Smallstep's online Certificate Manager. If you are lookin...

If you're generating certificates using an OKTA OIDC Provisioner in Smallstep, you might get the following error from OKTA on the browser side after...

Smallstep open-source step-ca is supported by the greater user community and can be found on Discord here . Start with our #getting-started and ...

Contact Us to discover which on-premises deployments meet your infrastructure needs.

Contact Us to discover which on-premises deployments meet your infrastructure needs.

Smallstep is pleased to announce the SOC 2 Type II certification of our SaaS platform. This SOC 2 Type II Certification demonstrates that an independe...

Create an index for the logs in Splunk Settings -> Data -> Indexes Click New Index and follow the walk through Create a new Splunk HEC input Settings ...

That’s totally fine! Let’s get your Smallstep Wi-Fi account configured to use your external RADIUS server Root CA bundle. Typically, a server certific...

As of May 2024, SimpleMDM doesn't provide an option to enable automatic renewal, only than with a custom profile. Some additional scripting and/or MDM...

You may be using a SCEP deployment , particularly "Static SCEP". In this case, a single shared secret allows all devices to use the same mobileconfi...

The following steps will allow certain OKTA users to log into the Smallstep Dashboard using their OKTA credentials. Leave all other settings as defaul...

This is your central resource for everything related to Smallstep's platform, tools, and integrations. Whether you're an IT administrator, security en...

Principal names map to the users ssh certificate allowing users the ability to access hosts as that user (e.g. admin, root, intern, consultant). Princ...

Explore all supported configuration options here .

Because the step CLI runs on multiple operating systems, some with or without package managers, our installation page describes each platform's in...

# Set an environment variable for STEPDEBUG equal to 1 (for true).$env:STEPDEBUG = "1"# Run a step command (the following fails and will show debuggin...

# Reconfigure client config, includes, and authorities & overwrite without askingstep ssh config --team <team-name> --force For more information on s...

When you register a Google Cloud Platform (GCP) Virtual Machine (VM) with Smallstep, you're effectively removing the use of the access keys that are a...

You may notice the following types of service messages in your SSH host's logs from the step-ssh-metadata service. The synchronization ensures that ...

If you've misplaced your enrollment token, please contact support for a new one. At this time, for security reasons, you cannot be provided with you...

On your server add or edit the following line to your /etc/ssh/sshd_config with the port number: Port 22 Whenever SSH to registered hosts they pas...

SecureCRT has support for using X.509 certificates. ( read ) SecureCRT users have reported having trouble getting SSH certificates to work on Windows ...

Suppose users plan to log into SSH with the same authentication method (e.g., OIDC via OKTA, Google, Azure AD). In that case, they can bypass the Prov...

SecureCRT has support for using X.509 certificates. ( read ) SecureCRT users have reported having trouble getting SSH certificates to work on Windows ...

Edit Smallstep User Profile in OKTA From the OKTA admin, go to Directory --> Profile Editor Click to open the Smallstep User profile to add a new ...

Edit Smallstep User Profile in OKTA From the OKTA admin, go to Directory --> Profile Editor Click to open the Smallstep User profile to add a new ...

Edit Smallstep User Profile in OKTA From the OKTA admin, go to Directory --> Profile Editor Click to open the Smallstep User profile to add a new ...

Try the following known resolution steps In the IdPs Smallstep App settings (Azure, Google Workspace, OKTA), check the user's information for simple e...

Step 1: SSH to your host as a user with root access. (Keep the hostname handy, you will need it later) ssh <hostname>   Step 2: Run all steps as the r...

The default Mobaxterm has not been reported as compatible with Smallstep SSH on the client side. Customers on Windows have opted for Windows System fo...

Resources to assist in the resolution of problems encountered during SSH Professional Setup. Smallstep SSH Professional Documentation SSH Host Quicks...