Step CA Pro replaces the open-source step-ca component, designed for mission-critical Device Identity use cases:
- Open Source to Commercial Transition: A drop-in upgrade for open-source step-ca, offering advanced features and compliance options.
- On-Prem Control: Full control over the CA and root signing keys while benefiting from our cloud-based integrations and management interface.
Key Features:
- Fast and lightweight setup on Linux or in container environments
- High-volume certificate issuance with HSM integration
- Issue certificates to clients across your infrastructure and in Kubernetes and container environments
- Broad support for enrollment protocols, such as ACME, SCEP, REST API, SSO (OAuth OIDC)
- Registration Authority Mode: Connectors for existing PKI backends (AD CS, GCP CAS, AWS PCM, Hashicorp Vault)
- High availability, distributed topology for critical high-volume internal CAs
- Improved observability/metrics (OpenTelemetry)
- Relational database schema enables reporting and ETL operations
- API eases integration with your CLM (Sectigo, AppViewX, Digicert)
- FIPS compliant binary
- step-ca Pro can link to the Smallstep cloud for additional functionality:
- Distributed Local CAs share cloud-config and active revocation
- Single pane of glass and API aggregates data across multiple local CAs
- Device Identity features (see below)
- Access to Smallstep's Support & Engineering Teams
Device Identity:
Step CA Pro unlocks Device Identity. Device Identity ensures that only company-owned devices can access your enterprise's most sensitive resources. Our collaboration with Google and Apple on the ACME Device Attestation (ACME DA) provides the strongest possible guarantee of authentic device identity, preventing credential exfiltration, phishing, and impersonation attacks.