This is a quick cheatsheet for using my smallstep CA. It is not meant to be a comprehensive guide, but rather a quick reference for myself and others who may need to use it.
Creating a certificate
To create a certificate, you can use the step CLI tool. The basic command is:
step ca certificate --offline --san localhost --san example.com 192.0.2.1 test.example.com.crt test.example.com.key
Inspecting a certificate
To inspect a certificate, you can use the step certificate inspect command.
The basic command is:
step certificate inspect --short test.example.com.crt
X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2898...4074]
  Subject:     127.0.0.1
               localhost
               macbook
  Issuer:      My Intermediate CA
  Provisioner: [email protected] [ID: Odw5...Aisg]
  Valid from:  2026-03-08T08:43:38Z
          to:  2036-03-05T08:44:38Z
List issued certificates
To list issued certificates, you can use the step-badger tool, which reads the
CA database. The basic command:
step-badger x509Certs ~/.step/db
Serial number                            Subject              Start                 Finish                Validity
302993289828619663782218509723082042948  CN=test.example.com  2026-03-08T04:05:50Z  2026-03-09T04:06:50Z  Valid
288747816944534935195190911414687768787  CN=test.example.com  2026-03-08T04:06:41Z  2026-03-09T04:07:41Z  Valid
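One way to audit the listing above, as an added example that is not part of the original cheatsheet or of step-badger: it parses rows in the column layout shown above and flags certificates that are close to expiry or whose lifetime exceeds a limit. The function names, the 90-day and 8-hour thresholds, and the third sample row are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout shown above. The third row is
# invented (placeholder serial, subject with a space, ten-year lifetime).
SAMPLE = """\
Serial number Subject Start Finish Validity
302993289828619663782218509723082042948 CN=test.example.com 2026-03-08T04:05:50Z 2026-03-09T04:06:50Z Valid
288747816944534935195190911414687768787 CN=test.example.com 2026-03-08T04:06:41Z 2026-03-09T04:07:41Z Valid
111111111111111111111111111111111111111 CN=build host 2026-03-08T08:43:38Z 2036-03-05T08:44:38Z Valid
"""

def parse_utc(stamp):
    """Parse the listing's RFC 3339 'Z' timestamps into aware datetimes."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_listing(text):
    """Return one dict per certificate row, skipping the header and junk lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue
        try:
            # Subjects can contain spaces, so read fixed columns from both ends.
            start, finish = parse_utc(fields[-3]), parse_utc(fields[-2])
        except ValueError:
            continue
        rows.append({"serial": fields[0], "subject": " ".join(fields[1:-3]),
                     "start": start, "finish": finish, "status": fields[-1]})
    return rows

def audit(text, now, max_lifetime=timedelta(days=90), renew_within=timedelta(hours=8)):
    """Return (serial, subject, finding) for rows marked Valid that need attention."""
    findings = []
    for cert in parse_listing(text):
        if cert["status"] != "Valid":  # only the status value seen in the listing
            continue
        if cert["finish"] - cert["start"] > max_lifetime:  # assumed policy limit
            findings.append((cert["serial"], cert["subject"], "lifetime exceeds policy"))
        if now < cert["finish"] <= now + renew_within:  # assumed renewal window
            findings.append((cert["serial"], cert["subject"], "expires soon"))
    return findings

if __name__ == "__main__":
    for serial, subject, finding in audit(SAMPLE, parse_utc("2026-03-08T22:00:00Z")):
        print(f"{finding:24} {subject:20} {serial}")
```

To run it against the real database, pass the captured output of the step-badger command to audit() together with datetime.now(timezone.utc).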