Step-CA: Run as a systemd service

Create /etc/systemd/system/step-ca.service

Fill it with this, make sure your directories are correct in the ExecStart line:


ExecStart=/bin/sh -c '/bin/step-ca /home/step/.step/config/ca.json --password-file=/home/step/.step/pwd >> /var/log/step-ca/output.log 2>&1'


Next, populate the pwd file with the plaintext intermediate CA password. I put mine in /home/step/.step/pwd

Next, configure the /home/step/.step/config/ca.json file with the port and address you want to host the server behind. I’d recommend and then a nginx reverse proxy in front of it.

Last, create the log file directories:

mkdir -p /var/log/step-ca
chown -R step:step /var/log/step-ca

Now make damn sure it’s hard to login to that box and hard for anyone to read the pwd file.

About: Ryan Parker

I'm a former captain of the Cyber Defense team, Current Infrastructure Security Specialist. I also have a side job helping small to medium business with anything technology doing everything imaginable. One of my hobbies is building out infrastructures for myself, friends, and clients. I current maintain a homelab with about 400GB of RAM, 100+ TB of storage, and tons of CPU cores.

One thought on “Step-CA: Run as a systemd service”

Leave a Reply

Your email address will not be published. Required fields are marked *