step-ca

AWS Azure Security 2 variations

step-ca, a private online certificate authority from Smallstep, bootstrapping its own CA on first boot.

Base
Hardened build
minimal ports, security patches applied at build time
Access
Unique credentials
generated on first boot, readable only by root
Verified
Boots working
services pass a health gate before release
Support
24/7, 365 days
by email and live chat, 24 hour response SLA

Variations

Choose the operating system, cloud and version you need. Every variation is the same hardened step-ca image, built and supported by cloudimg.

ProductCloudOperating systemVersion
step-ca AWS Standard View · Guide
step-ca on Ubuntu 24.04 LTS Azure Ubuntu 24.04 Standard View · Guide

Overview

step-ca is an open source private online certificate authority from Smallstep that issues X.509 and ACME certificates over TLS. It lets organisations run internal public key infrastructure, issuing short lived certificates and automating renewal for services, devices and workloads.

Why the cloudimg image

The cloudimg image is hardened and fully patched with step-ca running as a service alongside the step command line tool. Every instance bootstraps its own unique certificate authority on first boot with freshly generated key passwords and its own root and intermediate certificates, so no CA material is shared or ships in the image. Configuration, certificates and keys sit on a dedicated resizable data disk, with 24/7 cloudimg support included.

Common uses

  • Internal TLS certificates
  • ACME automation
  • Private PKI