Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: step ca init with --pki ignores --context flag #1263

Open
tashian opened this issue Aug 27, 2024 · 0 comments
Open

[Bug]: step ca init with --pki ignores --context flag #1263

tashian opened this issue Aug 27, 2024 · 0 comments
Assignees
Labels
bug needs triage Waiting for discussion / prioritization by team

Comments

@tashian
Copy link
Contributor

tashian commented Aug 27, 2024

Steps to Reproduce

step ca init --context abc --pki --name="Tiny" --deployment-type standalone

Your Environment

  • OS - macOS
  • step CLI Version - 0.27.2

Expected Behavior

Even if it doesn't create a full context,
I expected it to write to $(step path)/authorities/abc/...

OR, it could error. Perhaps --context (and --profile and --authority) aren't compatible with --pki?

Actual Behavior

It writes to $(step path).

Additional Context

Full example with the --pki flag:

$ export STEPPATH=/tmp
$ step ca init --context abc --pki --name="Tiny" --deployment-type standalone
Choose a password for your CA keys.
✔ [leave empty and we'll generate one]:

Generating root certificate... done!
Generating intermediate certificate... done!

✔ Root certificate: /tmp/certs/root_ca.crt
✔ Root private key: /tmp/secrets/root_ca_key
✔ Root fingerprint: f31b0d5606d139f9dcb6caa02c7282349883ba9851790bff977d4bdbfa32074a
✔ Intermediate certificate: /tmp/certs/intermediate_ca.crt
✔ Intermediate private key: /tmp/secrets/intermediate_ca_key

Without the --pki flag:

$ step ca init --context abc --name="Tiny" --deployment-type standalone
What DNS names or IP addresses will clients use to reach your CA?
✔ (e.g. ca.example.com[,10.1.2.3,etc.]): ca.example.com
What IP and port will your new CA bind to? (:443 will bind to 0.0.0.0:443)
✔ (e.g. :443 or 127.0.0.1:443): :443
What would you like to name the CA's first provisioner?
✔ (e.g. you@smallstep.com): carl@smallstep.com
Choose a password for your CA keys and first provisioner.
✔ [leave empty and we'll generate one]:

Generating root certificate... done!
Generating intermediate certificate... done!

✔ Root certificate: /tmp/authorities/abc/certs/root_ca.crt
✔ Root private key: /tmp/authorities/abc/secrets/root_ca_key
✔ Root fingerprint: 798bd560eabef45a35f0436a612eb0882fb770fc36a9c0f3827da64cd4d8e847
✔ Intermediate certificate: /tmp/authorities/abc/certs/intermediate_ca.crt
✔ Intermediate private key: /tmp/authorities/abc/secrets/intermediate_ca_key
✔ Database folder: /tmp/authorities/abc/db
✔ Default configuration: /tmp/authorities/abc/config/defaults.json
✔ Default profile configuration: /tmp/profiles/abc/config/defaults.json
✔ Certificate Authority configuration: /tmp/authorities/abc/config/ca.json

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

@tashian tashian added bug needs triage Waiting for discussion / prioritization by team labels Aug 27, 2024
@smallstep smallstep deleted a comment Aug 27, 2024
@hslatman hslatman assigned dopey and unassigned maraino Sep 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug needs triage Waiting for discussion / prioritization by team
Projects
None yet
Development

No branches or pull requests

3 participants