ies to manage certificate authority contexts.

## EXAMPLES

'''
$ cat $(step path --base)/contexts.json
{
    "alpha-one": {
        "authority": "alpha-one.ca.smallstep.com",
        "profile": "alpha-one"
    },
    "alpha-two": {
        "authority": "alpha-two.ca.smallstep.com",
        "profile": "alpha-two"
    },
    "beta": {
        "authority": "beta.ca.smallstep.com",
        "profile": "beta"
    }
}
'''

Select the default certificate authority context:

'''
$ step context select alpha-one
'''

List the available certificate authority contexts:

'''
$ step context list
▶ alpha-one
alpha-two
beta
'''

**step ssh certificate**
[**--host**] [**--host-id**] [**--sign**] [**--principal**=] [**--password-file**=]
[**--provisioner-password-file**=] [**--add-user**] [**--not-before**=]
[**--comment**=] [**--not-after**=] [**--token**=] [**--issuer**=]
[**--console**] [**--no-password**] [**--insecure**] [**--force**]
[**--x5c-cert**=] [**--x5c-key**=] [**--k8ssa-token-path**=] [**--no-agent**]
[**--kty**=] [**--curve**=] [**--size**=] [**--min-password-length**=]
[**--ca-url**=] [**--root**=] [**--context**=]

The cryptographic content encryption algorithm used to perform authenticated encryption on the plaintext payload (the content) to produce ciphertext and the authentication tag.
: is a case-sensitive string and must be one of:

    **A128CBC-HS256**
    : AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm

    **A192CBC-HS384**
    : AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm

    **A256CBC-HS512**
    : AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm

    **A128GCM**
    : AES GCM using 128-bit key

    **A192GCM**
    : AES GCM using 192-bit key

    **A256GCM** (default)
    : AES GCM using 256-bit key

**%s** command manages URI domains in policies

## EXAMPLES

Allow all URI subdomains of "local" in X.509 certificates on authority level

'''
$ step ca policy authority x509 allow uri "*.local"
'''

Deny URI badhost.local domain in X.509 certificates on authority level

'''
$ step ca policy authority x509 deny uri badhost.local
'''

Remove badhost.local from denied URI domain names in X.509 certificates on authority level

'''
$ step ca policy authority x509 deny uri badhost.local --remove
'''

Allow all URI subdomains of "example.com" in X.509 certificates on provisioner level

'''
$ step ca policy provisioner x509 allow uri "*.example.com" --provisioner my_provisioner
'''

**step ca api token create** creates a new token for connecting to the Smallstep API.

## POSITIONAL ARGUMENTS

: UUID or slug of the team the API token will be issued for. This is available in the Smallstep dashboard.

: File to read the certificate (PEM format). This certificate must be signed by a trusted root configured in the Smallstep dashboard.

: File to read the private key (PEM format).

## EXAMPLES

Use a certificate to get a new API token:

'''
$ step api token create ff98be70-7cc3-4df5-a5db-37f5d3c96e23 internal.crt internal.key
'''

Get a token using the team slug:

'''
$ step api token create teamfoo internal.crt internal.key
'''

**step ssh renew** command renews an SSH Host Certificate using [step certificates](https://github.com/smallstep/certificates).
It writes the new certificate to disk - either overwriting or using a new file when the **--out**= flag is used.
This command cannot be used to renew SSH User Certificates.

## POSITIONAL ARGUMENTS

: The ssh certificate to renew.

: The ssh certificate private key.

## EXAMPLES

Renew an ssh certificate overwriting the previous one:

'''
$ step ssh renew -f id_ecdsa-cert.pub id_ecdsa
'''

Renew an ssh certificate with a custom out file:

'''
$ step ssh renew -out new-id_ecdsa-cer.pub id_ecdsa-cert.pub id_ecdsa
'''

**step ca health** makes an API request to the /health endpoint of the Step CA to check if it is running. If the CA is healthy, the response will be 'ok'.

## EXAMPLES

Using the required flags:

'''
$ step ca health --ca-url https://ca.smallstep.com:8080 --root path/to/root_ca.crt
ok
'''

With the required flags preconfigured:

**--ca-url** is set using environment variables (as STEP_CA_URL) or the default configuration file in <$STEPPATH/config/defaults.json>.

**--root** is set using environment variables (as STEP_ROOT), the default configuration file in <$STEPPATH/config/defaults.json> or the default root certificate located in <$STEPPATH/certs/root_ca.crt>

'''
$ step ca health
ok
'''