Listing Thumbnail

    step-ca | Support by cloudimg

     Info
    Sold by: cloudimg 
    Deployed on AWS
    Free Trial
    AWS Free Tier
    This product has charges associated with it for seller support. step-ca, the open source private online certificate authority from Smallstep, preinstalled and running as a system service serving X.509 and ACME certificates over TLS. Each instance bootstraps its own unique certificate authority on first boot, so you can issue and automate internal TLS certificates for your services, devices and workloads within minutes of launch. Backed by 24/7 cloudimg support.

    Overview

    Open image

    This is a repackaged open source software product wherein additional charges apply for cloudimg support services.

    Overview step-ca is an open source online certificate authority for secure, automated X.509 and SSH certificate management. It runs your own private PKI: an internal certificate authority that issues short-lived TLS certificates to your services, devices and workloads, with full support for the ACME protocol so any ACME client can request and renew certificates automatically. This image delivers step-ca fully installed and running as a system service, with a freshly bootstrapped certificate authority on every instance, so a private CA is serving certificates within minutes of launch.

    Private Certificate Authority Service The step-ca daemon installed from the official release packages and run by a hardened systemd service as a dedicated unprivileged user, started on boot and restarted on failure. The CA serves its X.509 and ACME API over TLS, and the matching step command line tool is installed for bootstrapping clients, inspecting certificates and issuing certificates from the provisioner. The CA configuration, root and intermediate certificates and the encrypted signing keys live on a dedicated data disk.

    Unique CA Per Instance On its first boot every instance generates its own random certificate authority key passwords and initialises a brand new certificate authority with its own root and intermediate certificates and freshly encrypted signing keys, unique to that instance. No certificate authority material is shared between instances and none ships in the image. The first boot writes the generated passwords and the root certificate fingerprint to a protected file for the operator, so you can bootstrap clients against your CA immediately.

    ACME and X.509 A default ACME provisioner is configured so standard ACME clients can request and renew certificates against an internal directory endpoint, and a password protected JWK provisioner lets you issue certificates directly with the step tool. Issue short-lived leaf certificates for internal services, enable mutual TLS between workloads, and automate renewal so certificates rotate without manual intervention.

    Configurable and Resizable The certificate authority reads its configuration from a single JSON file under a dedicated data volume. Add and remove provisioners, adjust certificate lifetimes and templates, enable SSH certificates, and point ACME clients at the directory. The configuration, certificates and keys sit on an independently resizable, snapshottable EBS data volume kept off the operating system disk.

    Ready To Use Connect over SSH and the certificate authority is already running and healthy. Read the welcome notes for the generated passwords and the root fingerprint, bootstrap a client with the step tool, then request your first certificate. The CA serves its API over TLS on the standard HTTPS port.

    cloudimg Support 24/7 technical support by email and chat. Help with PKI design, provisioner configuration, ACME automation, certificate templates and lifetimes, SSH certificates, client bootstrapping, renewal and upgrade planning.

    Use Cases An internal certificate authority issuing TLS certificates to your private services. An ACME server automating certificate renewal across your infrastructure. A mutual TLS backbone issuing short-lived workload identities. A device and IoT certificate authority for fleet enrolment.

    All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

    Highlights

    • step-ca, the Apache-2.0 open source private online certificate authority from Smallstep, preinstalled and running as a systemd service serving X.509 and ACME certificates over TLS, with the matching step command line tool, no manual setup required
    • Every instance bootstraps its own unique certificate authority on first boot with freshly generated key passwords, its own root and intermediate certificates and encrypted signing keys, so no CA material is shared between instances or ships in the image
    • Issue short-lived internal TLS certificates and automate renewal with the built-in ACME provisioner, with the configuration, certificates and keys on a dedicated, independently resizable data disk, and 24/7 technical support from cloudimg

    Details

    Sold by

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 24.04

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free for 7 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    step-ca | Support by cloudimg

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.
    If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier  for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier  for more details.

    Usage costs (800)

     Info
    • ...
    Dimension
    Description
    Cost/hour
    t3.small
    Recommended
    t3.small
    $0.04
    t2.micro
    t2.micro instance type
    $0.04
    t3.micro
    t3.micro instance type
    $0.04
    c5a.12xlarge
    c5a.12xlarge instance type
    $0.24
    c5a.16xlarge
    c5a.16xlarge instance type
    $0.24
    c5a.24xlarge
    c5a.24xlarge instance type
    $0.24
    c5a.2xlarge
    c5a.2xlarge instance type
    $0.24
    c5a.4xlarge
    c5a.4xlarge instance type
    $0.24
    c5a.8xlarge
    c5a.8xlarge instance type
    $0.24
    c5a.large
    c5a.large instance type
    $0.08

    Vendor refund policy

    Refunds available on request.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Initial release of step-ca 0.30.2 (with the step CLI 0.30.6), the open source private online certificate authority, as a ready-to-use service that bootstraps a unique certificate authority on first boot.

    Additional details

    Usage instructions

    Connect via SSH on port 22 as the default login user for your operating system variant (the user guide lists it per variant). This is a headless certificate-authority service: there is no web interface. Read the welcome notes, including the per-instance CA and provisioner passwords and the root certificate fingerprint, with: sudo cat /root/step-ca-credentials.txt. Confirm the CA daemon is running with: systemctl status step-ca. The CA serves its X.509 and ACME API over TLS on port 443; check its health with: curl -k https://127.0.0.1/health  (returns {"status":"ok"}). The CA configuration, certificates and encrypted keys live on a dedicated data disk mounted at /etc/step-ca (STEPPATH); the main config is /etc/step-ca/config/ca.json. To issue certificates, bootstrap a client with the step tool against the root fingerprint shown in the welcome notes, then use step ca certificate, or point any ACME client at the CA's ACME directory. Open port 443 to the clients that need to reach the CA in the instance security group.

    Resources

    Vendor resources

    Support

    Vendor support

    cloudimg provides 24/7 technical support for this product by email and live chat. Our engineers help with deployment, configuration, updates, performance tuning and troubleshooting; critical issues receive a one hour average response. Contact support@cloudimg.co.uk .

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 reviews
    No customer reviews yet
    Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.