Xice PKI

Xice established the Xice PKI in support of the generation, issuance, distribution, revocation, administration, and management of public/private cryptographic keys that are contained in CA-signed X.509 Certificates.




Xice Root Certificates

Download Root Cert: Use step-cli:
    step ca bootstrap --ca-url https://ca.xice.wang \
    --fingerprint 857ecb0bc7299963c9ff78da3b9bfedefb66ff2b5ade182199a93875575b30c5 \
    --install


Certificate Revocation Lists

Other Public Key

SSH Public Key: Install SSH Key:
    step ssh certificate --host $HOST\
    --sign cn.xice.wang \
    /etc/ssh/ssh_host_ecdsa_key.pub
    step ssh config --host \
    --set Certificate=ssh_host_ecdsa_key-cert.pub \
    --set Key=ssh_host_ecdsa_key
PGP Public Key:

ACME Server

API Server URL: acme.sh Example:
    acme.sh --issue --standalone -d foo.internal \
    --server https://pki.xice.wang/acme/acme/directory \
    --ca-bundle $(step path)/certs/root_ca.crt \
    --fullchain-file foo.crt \
    --key-file foo.key
certbot Example:
    REQUESTS_CA_BUNDLE=$(step path)/certs/root_ca.crt \
    certbot certonly -n --standalone -d foo.internal \
    --server https://pki.xice.wang/acme/acme/directory
more info....