You can inspect the key details of your certificate by running:
step certificate inspect --short myservice.crt
It should look similar to this:
X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2441...2018]
Subject: myservice
admin@yourco.com
<https://auth.smallstep.com#98496ed4-7f27-4367-b7a2-ef828e0a4eda>
Issuer: Dev Intermediate CA
Provisioner: authority-admin [ID: 909d...8521]
Valid from: 2022-03-08T13:41:15Z
to: 2022-03-09T13:42:15Z
If interested in the full certificate details, leave off the --short
flag from your call:
step certificate inspect myservice.crt
It will look something like:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 174722835395825118890075525124613812754 (0x837264e17d78728efd82c16480a13212)
Signature Algorithm: ECDSA-SHA256
Issuer: CN=Dev Intermediate CA
Validity
Not Before: Mar 8 13:41:15 2022 UTC
Not After : Mar 9 13:42:15 2022 UTC
Subject: CN=myservice
Subject Public Key Info:
Public Key Algorithm: ECDSA
Public-Key: (256 bit)
X:
79:1e:ef:39:88:9e:20:fc:66:db:d2:a6:1b:e1:c9:
00:9c:cf:fb:67:b5:3c:08:ae:0b:4e:2d:8d:04:f6:
a8:0a
Y:
62:ed:fc:be:34:d5:42:5d:da:c5:89:3f:38:67:5b:
60:98:d0:29:68:d2:a8:f9:8c:c3:13:02:94:e4:a4:
1d:73
Curve: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Server Authentication, Client Authentication
X509v3 Subject Key Identifier:
78:E5:C6:20:54:34:27:27:FA:0E:75:0C:DE:DA:51:E1:12:CB:41:14
X509v3 Authority Key Identifier:
keyid:F8:2F:07:DB:83:F3:2D:67:51:45:F4:D0:14:82:51:14:BF:6D:4F:02
X509v3 Subject Alternative Name:
DNS:myservice.internal.mycompany.net
X509v3 Step Provisioner:
Type: OIDC
Name: authority-admin
CredentialID: [ID: 909d...8521]
Signature Algorithm: ECDSA-SHA256
30:45:02:21:00:f0:1e:ff:45:68:15:3e:3f:a7:0c:77:9b:03:
9c:80:27:10:e9:e4:36:57:fb:19:4b:56:c1:eb:5d:cc:56:7f:
ea:02:20:25:a2:c4:ec:cb:fb:c6:0f:ce:8f:df:cc:65:e1:aa:
42:f2:87:b4:8a:c7:22:fd:67:3d:2f:53:08:57:ef:25:35