If your local client has already been configured, you can create a test certificate by running the step ca certificate command. Here is an example:

step ca certificate myservice myservice.crt myservice.key \\
  --san myservice.internal.mycompany.net \\
  --not-after 24h

In this command, we are asking the CA to create a certificate with the following properties:

myservice - The certificate's subject

myservice.crt - Save the certificate in a file with this name

myservice.key - Save the key in a file with this name

--san myservice.internal.mycompany.net - Add an additional SAN to the certificate, with the specified value

--not-after 24h - Set the certificate to expire after 24 hours

When you run this command, smallstep will need to authenticate you, so it will make a call to the authority-admin provisioner and start a single sign-on flow via the smallstep dashboard. After a successful sign-in, the authority will issue the certificate at the command line.

If you have created additional provisioners they will all appear during the "authentication" step. The authority-admin provisioner is used to validate users to smallstep for administrative purposes. To create a certificate using a provisioner, user the --provisioner parameter when making the certificate request.