Differences
This shows you the differences between two versions of the page.
— | advanced:ssh_conversion [2021/07/04 00:23] (current) – created dan | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Introduction ====== | ||
+ | So you've set up a local certificate authority using the Smallstep CA software, and you're using it to issue x.509 certificates to resources on your LAN. Perhaps you followed [[https:// | ||
+ | |||
+ | ====== Prerequisites ====== | ||
+ | This guide assumes your Tiny CA is up and running without problems, and running at least version 0.15.8 of the step-ca software. | ||
+ | |||
+ | ====== Configuration ====== | ||
+ | Before proceeding, you'll need to stop the CA software. | ||
+ | ===== Create keypairs ===== | ||
+ | Next, you'll need to create the signing key pairs for host and user certificates. | ||
+ | |||
+ | You'll then need to convert the '' | ||
+ | ===== Modify ca.json ===== | ||
+ | You'll now need to make some edits to the Step CA config file, ''/ | ||
+ | |||
+ | First, tell step-ca to look for the signing keys on the YubiKey. | ||
+ | < | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | </ | ||
+ | The first closing brace in this section is already present, but make sure to add the comma after it. | ||
+ | |||
+ | Second, edit the first provisioner in this file (the '' | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | }, | ||
+ | </ | ||
+ | The part you're adding here is the '' | ||
+ | ===== Add sshpop provisioner ===== | ||
+ | You'll need to add another provisioner, | ||
+ | ===== Start the CA ===== | ||
+ | Now, start the certificate authority again. | ||
+ | ====== Conclusion ====== | ||
+ | Your CA is now configured to issue SSH user and host certificates. | ||
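Review bot: the Configuration section has no verification step between the hand edits to ca.json and "Start the CA". The reader is told to stop the CA, edit the config file by hand (including "make sure to add the comma after it" for an existing closing brace), and then start the certificate authority again. A single misplaced comma or brace would leave the CA unable to start, and the page gives no way to catch that beforehand. Suggest adding two steps to the "Modify ca.json" section: take a backup copy of the config file before editing, and confirm the edited file still parses as valid JSON before moving on to "Start the CA". The Conclusion could also say how to confirm that the CA came back up and is issuing SSH certificates, rather than only asserting that it is configured.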