Saving CA over HTTPS
PKI Hierarchy
[Root CA Host (Offline Later)]
 |--- root_ca.crt -------------------- Copy to Intermediate CA ----.
 '--- root_ca_key <-------------------------.                      |
                                            |                      |
[Intermediate CA]                           |                      |
 |    intermediate.key generate             |                      |
 '--- Intermediate CSR ------------ Signed by Root CA              |
      Output intermediate_ca.crt ------------------------------.   |
                                                               |   |
 <--- Copy to /var/lib/step/.step/certs/intermediate_ca.crt ---'   |
 <--- Copy to /var/lib/step/.step/certs/root_ca.crt ---------------'
      intermediate.key renamed to intermediate_ca_key
Linux
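# -k skips TLS verification because this host does not trust the CA yet,
# so the download itself is unauthenticated. roots.pem holds the root CA certificate.
sudo curl -k https://sub-ca.domain.tld/roots.pem -o /usr/local/share/ca-certificates/internal-intermediate.crt
# Rebuild the system trust store from /usr/local/share/ca-certificates (files must end in .crt)
sudo update-ca-certificates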
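Because the root is fetched with -k, nothing authenticates the download. The script below is an added example, not part of the original page: it compares the fetched root with a SHA-256 fingerprint read out of band on the CA host and installs it only on a match. The function names are hypothetical, and roots.pem is assumed to hold a single certificate.

```shell
#!/bin/sh
# Added example: check a root fetched with "curl -k" against a pinned
# SHA-256 fingerprint before it goes into the trust store.

# Print the lowercase hex SHA-256 of the DER bytes of the one certificate
# in PEM file $1; fail if the file holds zero or several certificates.
pem_sha256() {
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1") || true
    [ "$n" = "1" ] || { echo "expected 1 certificate, found ${n:-0}" >&2; return 2; }
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeed only if the fingerprint of PEM file $1 equals the pin $2.
# Colons and upper case, as some tools print them, are normalised first.
root_matches_pin() {
    pin=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(pem_sha256 "$1") || return 2
    [ "$got" = "$pin" ]
}

# $1 = CA base URL, $2 = fingerprint read on the CA host out of band, e.g.
#   step certificate fingerprint /var/lib/step/.step/certs/root_ca.crt
# The destination path is the one used on this page.
fetch_and_trust_root() {
    tmp=$(mktemp) || return 1
    curl -ksS "$1/roots.pem" -o "$tmp" || { rm -f "$tmp"; return 1; }
    if root_matches_pin "$tmp" "$2"; then
        sudo install -m 0644 "$tmp" \
            /usr/local/share/ca-certificates/internal-intermediate.crt &&
            sudo update-ca-certificates
        rc=$?
    else
        echo "fingerprint mismatch, not installing" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as fetch_and_trust_root https://sub-ca.domain.tld FINGERPRINT, where FINGERPRINT is the value copied from the CA host.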
Windows
# Download the root and intermediate certificates (-k: TLS verification is skipped)
curl.exe -k https://sub-ca.domain.tld/roots.pem -o "$env:USERPROFILE/Downloads/roots.pem"
curl.exe -k https://sub-ca.domain.tld/intermediates.pem -o "$env:USERPROFILE/Downloads/intermediates.pem"
# Import the root into the current user's Trusted Root store and the intermediate into the Intermediate CA store
Import-Certificate -FilePath "$env:USERPROFILE/Downloads/roots.pem" -CertStoreLocation Cert:\CurrentUser\Root\
Import-Certificate -FilePath "$env:USERPROFILE/Downloads/intermediates.pem" -CertStoreLocation Cert:\CurrentUser\CA\