-
From what I've read here I have to run only the following command - done:
However the following data necessary is not explained anywhere
That leads to an error:
In my ca server log i see a 404 on
Any idea what I'm doing wrong... Thank you for your help. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 5 replies
-
Hi @logopk, you're getting a
The only way to move from At the same time, it's not always a good idea to use the CA root to create an X5C provisioner, and the reason is that anyone that can create a certificate in that CA, for example, anyone in your organization if you're using an OIDC provisioner, will be able to create any kind of certificate. In our paid offering you can add custom policies for each provisioner, but this is not supported in open source. |
Beta Was this translation helpful? Give feedback.
-
Thanks for the hint to a different root. I was successful with the description of https://github.com/joaopedrolourencoaffonso/python_smallstep/blob/fdb1cf019b2be7c0121883590088c1f1045aa37d/7-version/README.md To add the X5C provisioner I used the path to config/ca.json
One thing was a bit irritating. I use a different step context for the staging ca. When I ran the command first, step cli complained that it did not find the templates directory in the context directory.
I symlinked the staging ca's templates directory to this and the problem went away. Why does the client look for that in the bootstrap-STEPHOME and not the given ca-config-Path? |
Beta Was this translation helpful? Give feedback.
Hi @logopk, you're getting a
status=404
because your CA is configured to use the ca.json to manage the provisioners. Currently, there're 3 ways to manage those:"authority": {"enableAdmin": true"}
step
tries to locate the ca.json and if it can't it defaults to the other two options. If you want to continue using theca.json
, you need to go into the server the CA is, run the same command, and then reload the CA (killall -HUP step-ca
). You can use the…