Smallstep Certificate Authority

Smallstep is an open-source certificate authority and X.509 certificate automation platform that simplifies internal PKI, mutual TLS, and zero-trust security for infrastructure and applications. Founded by Mike Malone in 2016 and based in San Francisco, Smallstep provides step CLI, step-ca certificate authority server, and Smallstep Enterprise commercial platform. Key products: step CLI (command-line tool for creating, signing, verifying, and renewing X.509 certificates, SSH certificates, and JSON Web Tokens, with support for ACME, OIDC, and custom provisioning). step-ca (open-source online certificate authority server supporting X.509 and SSH certificate issuance with ACME protocol, OIDC provisioning, SSO integration, and automatic certificate rotation via sidecar). Automated certificate lifecycle management (automatic certificate renewal via step-renew sidecar process that runs alongside applications, monitoring certificate expiry and renewing before expiration without downtime). ACME server (built-in ACME protocol support for automated certificate provisioning compatible with certbot, Lego, and acme.sh clients). SSH certificate authority (SSH CA functionality for signing user and host SSH certificates with short-lived TTLs, replacing long-lived SSH keys and eliminating key distribution). Mutual TLS automation (automated mTLS certificate provisioning and rotation for zero-trust service-to-service authentication, with X.509 certificate-based identity). Provisioning methods (X.aton, OIDC single sign-on with Okta, Google, Azure AD, and Auth0, ACME, JWK, NePPI, and cloud identity providers). Audit logging (detailed certificate issuance logs with API audit trail and certificate transparency). Kubernetes integration (autocert and step certificates operator for automated Kubernetes certificate management). Security (FIPS 140-2 compliant cryptographic operations, hardware security module (HSM) integration, and short-lived certificate best practices).