If your local client has already been configured, you can create a test certificate by running the
step ca certificate command. Here is an example:
step ca certificate myservice myservice.crt myservice.key \\ --san myservice.internal.mycompany.net \\ --not-after 24h
In this command, we are asking the CA to create a certificate with the following properties:
myservice - The certificate's subject
myservice.crt - Save the certificate in a file with this name
myservice.key - Save the key in a file with this name
--san myservice.internal.mycompany.net - Add an additional SAN to the certificate, with the specified value
--not-after 24h - Set the certificate to expire after 24 hours
When you run this command, smallstep will need to authenticate you, so it will make a call to the
authority-admin provisioner and start a single sign-on flow via the smallstep dashboard. After a successful sign-in, the authority will issue the certificate at the command line.
If you have created additional provisioners they will all appear during the "authentication" step. The authority-admin provisioner is used to validate users to smallstep for administrative purposes. To create a certificate using a provisioner, user the --provisioner parameter when making the certificate request.