Installing Step CA in My Homelab
Step CA is an open-source private CA made by Smallstep. I will use it to generate certificates for some componenents in my lab.
First we install the dependencies:
sudo apt-get update && sudo apt-get install -y --no-install-recommends curl gpg ca-certificates
Then we get the Smallstep repository signing key:
sudo curl -fsSL https://packages.smallstep.com/keys/apt/repo-signing-key.gpg -o /etc/apt/keyrings/smallstep.asc
Then we add the Smallstep repository:
cat << 'EOF' | sudo tee /etc/apt/sources.list.d/smallstep.sources > /dev/null Types: deb URIs: https://packages.smallstep.com/stable/debian Suites: debs Components: main Signed-By: /etc/apt/keyrings/smallstep.asc EOF
Then we install step-cli and step-ca:
sudo apt-get update && sudo apt-get -y install step-cli step-ca
Then we check the install:
step-ca version step version Smallstep CA/0.30.2 (linux/amd64) Release Date: 2026-03-23T00:18:00Z Smallstep CLI/0.30.4 (linux/amd64) Release Date: 2026-06-10T06:10:28Z
Next, we’ll run the initializer:
step ca init \ --name "lostintransit.se" \ --dns "stepca.lostintransit.se" \ --address ":443" \ --provisioner "[email protected]"Deployment Type: Standalone Choose a password for your CA keys and first provisioner.
[leave empty and we'll generate one]: Generating root certificate... done! Generating intermediate certificate... done!
Root certificate: /home/ddib/.step/certs/root_ca.crt
Root private key: /home/ddib/.step/secrets/root_ca_key
Root fingerprint: 8f08102ae41eb7fc6a57f62fbaccaf82cb7a67dbedca858a0352a75b4fa763cd
Intermediate certificate: /home/ddib/.step/certs/intermediate_ca. Continue reading
Deployment Type: Standalone
Choose a password for your CA keys and first provisioner.


