Java applications: ''' $ step certificate p12 trust.p12 --ca ca.crt ''' Package a certificate and private key with an empty password: ''' $ step certificate p12 --no-password --insecure foo.p12 foo.crt foo.key ''' Package a certificate and private key using a legacy encoder, ''' $ step certificate p12 --legacy foo.p12 foo.crt foo.key ''' **step certificate uninstall** uninstalls a root certificate from the supported trust stores. Java's and Firefox's trust stores are also supported via the respective flags. ## POSITIONAL ARGUMENTS : Root certificate to uninstall from the specified trust stores. ## EXAMPLES Uninstall only from the system's default trust store: ''' $ step certificate uninstall root-ca.pem ''' Uninstall a root certificate from all the supported trust stores: ''' $ step certificate uninstall --all root-ca.pem ''' Uninstall a root certificate from Firefox's and the system's default trust store: ''' $ step certificate uninstall --firefox root-ca.pem ''' Uninstall a root certificate from Java's and the system's default trust store: ''' $ step certificate uninstall --java root-ca.pem ''' Uninstall a certificate from Firefox, Java, but not from the system: ''' $ step certificate uninstall --firefox --java --no-system root-ca.pem '''## NAME **{{.HelpName}}** -- {{.Usage}} ## USAGE '''raw {{if .UsageText}}{{.UsageText}}{{else}}**{{.HelpName}}**{{if .Commands}} {{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments]{{end}}{{end}} ''' {{- if .Description}} ## DESCRIPTION {{.Description}}{{end}}{{if .VisibleCommands}} ## COMMANDS {{range .VisibleCategories}}{{if .Name}}{{.Name}}:{{end}} | Name | Usage | |---|---|{{range .VisibleCommands}} | **[{{join .Names ", "}}]({{.Name}}/)** | {{.Usage}} |{{end}} {{end}}{{if .VisibleFlags}}{{end}} ## OPTIONS {{range $index, $option := .VisibleFlags}}{{if $index}} {{end}}{{$option}} {{end}}{{end}}{{if .Copyright}}{{if len .Authors}} ## AUTHOR{{with $length := len .Authors}}{{if ne 1 $length}}S{{end}}{{end}}: {{range $index, $author := .Authors}}{{if $index}} {{end}}{{$author}}{{end}}{{end}}{{if .Version}}{{if not .HideVersion}} ## VERSION {{.Version}}{{end}}{{end}} ## COPYRIGHT {{.Copyright}} {{end}} **step certificate install** installs a root certificate in the supported trust stores. Java's and Firefox's trust stores are also supported via the respective flags ## POSITIONAL ARGUMENTS : Root certificate to install in the specified trust stores. ## EXAMPLES Install a root certificate in the system's default trust store: ''' $ step certificate install root-ca.pem ''' Install a root certificate in all the supported trust stores: ''' $ step certificate install --all root-ca.pem ''' Install a root certificate in Firefox's and the system's default trust store: ''' $ step certificate install --firefox root-ca.pem ''' Install a root certificate in Java's and the system's default trust store: ''' $ step certificate install --java root-ca.pem ''' Install a root certificate in Firefox's and Java's trust store, but not in the system's default trust store: ''' $ step certificate install --firefox --java --no-system root-ca.pem '''**step crypto jwt verify** reads a JWT data structure from STDIN; checks that the audience, issuer, and algorithm are in agreement with expectations; verifies the digital signature or message authentication code as appropriate; and outputs the decoded payload of the JWT on STDOUT. If verification fails a non-zero failure code is returned. If verification succeeds the command returns 0. For a JWT to be verified successfully: * The JWT must be well formed (no errors during deserialization) * The must match the **"alg"** member in the JWT header * The and must match the **"iss"** and **"aud"** claims in the JWT, respectively * The must match the **"kid"** member in the JWT header (if both are present) and must match the **"kid"** in the JWK or the **"kid"** of one of the JWKs in JWKS * The JWT signature must be successfully verified * The JWT must not be expired For examples, see **step help crypto jwt**.**step oauth** [**--provider**=] [**--client-id**= **--client-secret**=] [**--scope**= ...] [**--bare** [**--oidc**]] [**--header** [**--oidc**]] [**--prompt**=] [**--auth-param**=] **step oauth** **--authorization-endpoint**= **--token-endpoint**= **--client-id**= **--client-secret**= [**--scope**= ...] [**--bare** [**--oidc**]] [**--header** [**--oidc**]] [**--prompt**=] [**--auth-param**=] **step oauth** [**--account**=] [**--authorization-endpoint**=] [**--token-endpoint**=] [**--scope**= ...] [**--bare** [**--oidc**]] [**--header** [**--oidc**]] [**--prompt**=] [**--auth-param**=] **step oauth** **--account**= **--jwt** [**--scope**= ...] [**--header**] [**-bare**] [**--prompt**=] [**--auth-param**=]The "typ" (type) Header Parameter is used by JWS applications to declare the media type of this complete JWS. This is intended for use by the application when more than one kind of object could be present in an application data structure that can contain a JWS; the application can use this value to disambiguate among the different kinds of objects that might be present. It will typically not be used by applications when the kind of object is already known. This parameter is ignored by JWS implementations; any processing of this parameter is performed by the JWS application. Use of is optional. The "typ" value "JOSE" can be used by applications to indicate that this object is a JWS or JWE using the JWS Compact Serialization or the JWE Compact Serialization. The "typ" value "JOSE+JSON" can be used by applications to indicate that this object is a JWS or JWE using the JWS JSON Serialization or the JWE JSON Serialization. Other type values can also be used by applications.## NAME **{{.HelpName}}** -- {{.Usage}} ## USAGE {{if .UsageText}}{{.UsageText}}{{else}}**{{.HelpName}}**{{if .Commands}} {{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}_[arguments]_{{end}}{{end}}{{if .Description}} ## DESCRIPTION {{.Description}}{{end}}{{if .VisibleCommands}} ## COMMANDS {{range .VisibleCategories}}{{if .Name}}{{.Name}}:{{end}} ||| |---|---|{{range .VisibleCommands}} | **{{join .Names ", "}}** | {{.Usage}} |{{end}} {{end}}{{if .VisibleFlags}}{{end}} ## OPTIONS {{range $index, $option := .VisibleFlags}}{{if $index}} {{end}}{{$option}} {{end}}{{end}}{{if .Copyright}}{{if len .Authors}} ## AUTHOR{{with $length := len .Authors}}{{if ne 1 $length}}S{{end}}{{end}}: {{range $index, $author := .Authors}}{{if $index}} {{end}}{{$author}}{{end}}{{end}}{{if .Version}}{{if not .HideVersion}} ## ONLINE This documentation is available online at https://smallstep.com/docs/cli ## VERSION {{.Version}}{{end}}{{end}} ## COPYRIGHT {{.Copyright}} ## FEEDBACK **step ca provisioner webhook** command group provides facilities for managing the webhooks attached to a provisioner Administrators can attach webhooks to provisioners to retrieve additional data that will be available when rendering certificate templates. Webhooks can also be used to disallow signing certificates for unknown entities. Any data returned from the webhook server will be added to the template context under the path "Webhooks.". Implementations of webhook servers must conform to the step-ca documentation at https://smallstep.com/docs/step-ca/templates for parsing and verifying request bodies and forming valid response bodies. ## EXAMPLES Add a new webhook to a provisioner: ''' step ca provisioner webhook add my_provisioner my_webhook --url https://example.com ''' Change a webhook's url: ''' step ca provisioner webhook update my_provisioner my_webhook --url https://example.com ''' Remove a webhook: ''' step ca provisioner webhook remove my_provisioner my_webhook ''' FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF----AdlmAfakAghbAhomArabAranArmiArmnAvstBaliBamuBassBatkBengBhksBlisBopoBrahBraiBugiBuhdCakmCansCariChamCherChrsCirtCoptCpmnCprtCyrlCyrsDevaDiakDogrDsrtDuplEgydEgyhEgypElbaElymEthiGeokGeorGlagGongGonmGothGranGrekGujrGuruHanbHangHaniHanoHansHantHatrHebrHiraHluwHmngHmnpHrktHungIndsItalJamoJavaJpanJurcKaliKanaKawiKharKhmrKhojKitlKitsKndaKoreKpelKthiLanaLaooLatfLatgLatnLekeLepcLimbLinaLinbLisuLomaLyciLydiMahjMakaMandManiMarcMayaMedfMendMercMeroMlymModiMongMoonMrooMteiMultMymrNagmNandNarbNbatNewaNkdbNkgbNkooNshuOgamOlckOrkhOryaOsgeOsmaOugrPalmPaucPcunPelmPermPhagPhliPhlpPhlvPhnxPiqdPlrdPrtiPsinQaaaQaabQaacQaadQaaeQaafQaagQaahQaaiQaajQaakQaalQaamQaanQaaoQaapQaaqQaarQaasQaatQaauQaavQaawQaaxQaayQaazQabaQabbQabcQabdQabeQabfQabgQabhQabiQabjQabkQablQabmQabnQaboQabpQabqQabrQabsQabtQabuQabvQabwQabxRanjRjngRohgRoroRunrSamrSaraSarbSaurSgnwShawShrdShuiSiddSindSinhSogdSogoSoraSoyoSundSunuSyloSyrcSyreSyrjSyrnTagbTakrTaleTaluTamlTangTavtTeluTengTfngTglgThaaThaiTibtTirhTnsaTotoUgarVaiiVispVithWaraWchoWoleXpeoXsuxYeziYiiiZanbZinhZmthZsyeZsymZxxxZyyyZzzz