Admin Web Interface

[bonedaddy]

What would you like to be added

A web interface geared for administrators of smallstep certificate authorities

Why this is needed

Management of CA's is primarily CLI driven, and requires SSH access. Additionally getting an overview of the certificates currently issued, their expirations, etc.. is not super easy and a bit "manual". An administrative web interface similar to that provided by labca would be extremely useful.

[tashian]

Hi @bonedaddy,

step is geared toward automation. We put our efforts into making an great CLI interface instead of a web interface, because the CLI facilitates automation. We don't have any near term plans for a web interface, but we're looking into expanding our REST API documentation so that a web interface could more easily be built.

The overview of certificates issued is a separate feature request, so let me address that one too. The step-ca request log includes a base64 representation of each certificate issued, and it will give you a lot of what you want if you're willing to parse it.

Thanks,
Carl

[tashian]

For anyone following this issue, just wanted to let you know that our hosted Certificate Manager service comes with an administrative web interface that addresses this issue. It offers certificate observability (visibility, alerting, monitoring) as well. If you already run step-ca yourself, you can link your open source CA instance to the hosted product and start seeing new certificates in the UI.

Linking a single open source CA is free. So, I want to encourage anyone looking to get visibility into their step-ca PKI to try this out and give us feedback. Cheers!

Note: you'll need to recreate your provisioners using the new step beta ca provisioner subcommand group. Let us know if you're having any issues there and we'll be happy to help. For real time help, come find us on Discord - https://discord.gg/ypu2T7qg9y.