Replies: 1 comment 1 reply
-
|
Hey! This is a default security restriction in step-ca. By default, the CA will not issue certificates for special names like localhost to prevent accidental or malicious local service interception. To override this, you need to update your ca.json configuration for the specific provisioner. You can add a claims section to the provisioner configuration to allow specific DNS names. For example, in your ca.json: "provisioners": [ After updating ca.json, restart the step-ca service. This explicitly tells the CA that this provisioner is permitted to sign certificates for the localhost identifier. Hope this helps! |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
When I try to use
step ca certificateto create a leaf certificate with a SAN including localhost, the JWK provisioner returns:I don't understand why the JWK provisioner blocked this. How do I override this?
Beta Was this translation helpful? Give feedback.
All reactions