You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I see downloading of the ICA from a client/device was discussed in #1023 with what amount to workarounds. Has anything about this changed since 2022?
It would be helpful to be able to download the full CA chain and/or import it for trust on the client side. (Using macOS here, so Keychain.)
I can get the CA cert, and that’s trusted on my computer. However, I’d like to be able to get the ICA as a file and also import it for full trust chain examination/evaluation.
Fwiw, Claude erroneously and repeatedly suggests commands with a “--bundle” option. What it provides doesn’t work, and only downloads the CA cert PEM. (It thinks I have an old version of Step CA, which is not the case.)
It also suggested adding “crtChain” to the “ca.json” on the Step CA server and restarting. This does not seem to have helped or hurt (haven’t checked for hallucinations, to add an alliterative third “h”).
I can definitely get the CA and ICA with “--bundle” here:
step certificate inspect --bundle --format pem <INSERT CA URL>
But it would be convenient to be able to get/import the full chain and/or the CA / ICA separately. Since I didn’t give my CA a friendly name, it would help for it to be more automatic / require less memory (on my part).
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I see downloading of the ICA from a client/device was discussed in #1023 with what amount to workarounds. Has anything about this changed since 2022?
It would be helpful to be able to download the full CA chain and/or import it for trust on the client side. (Using macOS here, so Keychain.)
I can get the CA cert, and that’s trusted on my computer. However, I’d like to be able to get the ICA as a file and also import it for full trust chain examination/evaluation.
Fwiw, Claude erroneously and repeatedly suggests commands with a “--bundle” option. What it provides doesn’t work, and only downloads the CA cert PEM. (It thinks I have an old version of Step CA, which is not the case.)
It also suggested adding “crtChain” to the “ca.json” on the Step CA server and restarting. This does not seem to have helped or hurt (haven’t checked for hallucinations, to add an alliterative third “h”).
I can definitely get the CA and ICA with “--bundle” here:
step certificate inspect --bundle --format pem <INSERT CA URL>But it would be convenient to be able to get/import the full chain and/or the CA / ICA separately. Since I didn’t give my CA a friendly name, it would help for it to be more automatic / require less memory (on my part).
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions