install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/TerminalSkills/skills/step-ca" ~/.claude/skills/comeonoliver-skillshub-step-ca && rm -rf "$T"
manifest:
skills/TerminalSkills/skills/step-ca/SKILL.md
source content
step-ca (Smallstep)
Overview
step-ca is a private certificate authority for issuing TLS certificates to internal services. It automates certificate issuance, renewal, and revocation, like Let's Encrypt but for private infrastructure.
Instructions
Step 1: Initialize CA
```bash
brew install step
step ca init --name "Internal CA" --dns localhost --address :443 --provisioner admin
```
Step 2: Issue Certificates
```bash
step-ca "$(step path)/config/ca.json"               # start CA server (runs in the foreground)
step ca certificate api.internal api.crt api.key    # issue cert (from another terminal)
```
Step 3: Auto-Renewal
```bash
step ca renew --daemon api.crt api.key    # auto-renews before expiry
```
Step 4: mTLS Between Services
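```typescript
// server.ts: Node.js server with mutual TLS
import https from 'https'
import fs from 'fs'
import type { TLSSocket } from 'tls'

const server = https.createServer({
  cert: fs.readFileSync('server.crt'),
  key: fs.readFileSync('server.key'),
  ca: fs.readFileSync('root_ca.crt'),   // only client certs chaining to this root are accepted
  requestCert: true,                    // require client certificate
  rejectUnauthorized: true,             // abort the handshake if verification fails
}, (req, res) => {
  // On an HTTPS server the request socket is a TLSSocket
  const clientCN = (req.socket as TLSSocket).getPeerCertificate().subject.CN
  res.end('Hello ' + clientCN)
})

server.listen(8443)   // port chosen for illustration
```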
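The server above accepts any client whose certificate chains to the CA root, so every certificate the CA has issued gets in. The following added example (not part of the original skill) shows a per-identity authorization check on the peer certificate; `authorizePeer`, `PeerCertLike`, and the client names in the allowlist are hypothetical.

```typescript
// Added example. Models the fields Node.js returns from
// tlsSocket.getPeerCertificate(); names and allowlist are constructed.
interface PeerCertLike {
  subject?: { CN?: string | string[] };
  subjectaltname?: string; // e.g. "DNS:worker.internal, IP Address:10.0.0.5"
}

type Decision =
  | { allowed: true; identity: string }
  | { allowed: false; reason: string };

// Pull DNS SAN entries out of Node's comma-separated subjectaltname string.
function dnsNames(cert: PeerCertLike): string[] {
  return (cert.subjectaltname ?? '')
    .split(',')
    .map((entry) => entry.trim())
    .filter((entry) => entry.startsWith('DNS:'))
    .map((entry) => entry.slice(4).toLowerCase());
}

function authorizePeer(
  cert: PeerCertLike | undefined,
  tlsAuthorized: boolean, // pass tlsSocket.authorized
  allowlist: Set<string>,
): Decision {
  if (!tlsAuthorized) return { allowed: false, reason: 'chain not verified' };
  if (!cert || Object.keys(cert).length === 0) {
    return { allowed: false, reason: 'no client certificate' };
  }
  // Node quotes SAN values that contain special characters; deny instead of
  // trying to parse them, so a crafted name cannot smuggle a second entry.
  if ((cert.subjectaltname ?? '').includes('"')) {
    return { allowed: false, reason: 'unparseable subjectAltName' };
  }
  let names = dnsNames(cert);
  if (names.length === 0) {
    // Fall back to CN only when the certificate carries no DNS SAN at all.
    const cn = cert.subject?.CN;
    names = (Array.isArray(cn) ? cn : cn ? [cn] : []).map((n) => n.toLowerCase());
  }
  const identity = names.find((n) => allowlist.has(n));
  return identity
    ? { allowed: true, identity }
    : { allowed: false, reason: 'identity not in allowlist' };
}

// Constructed allowlist of client identities (hypothetical names).
const ALLOWED_CLIENTS = new Set(['worker.internal', 'billing.internal']);
```

In the request handler, call `authorizePeer(socket.getPeerCertificate(), socket.authorized, ALLOWED_CLIENTS)` on the request's TLS socket and respond with 403 when `allowed` is false.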
Guidelines
- Use step-ca for internal services, Let's Encrypt for public-facing.
- Short-lived certs (24h) with auto-renewal are more secure than long-lived ones.
- Supports the ACME protocol, so it works with ACME clients such as Certbot and Caddy.
- Integrates with Kubernetes cert-manager for automatic pod certificates.