step-ca

by Smallstepv0.30.2

Last updated Jun 8, 2026

A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management.

Install with winget

$ winget install --id Smallstep.step-ca --exact --version 0.30.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

step-ca is an online certificate authority for secure, automated certificate management. It issues X.509 and SSH certificates using protocols like ACME, OIDC, and SCEP.

Installers · v0.30.2

Architecture	Type	Scope	Install	Download
x64	Portable	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

2 known CVEs via NVD

low3.7Patched in wingetCVE-2026-40097affects before 0.30.0Apr 10, 2026
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key...
Patch Vendor advisory
critical10.0Patched in wingetCVE-2026-30836affects before 0.30.0Mar 19, 2026
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.
Patch Vendor advisory

Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

S
stepSmallstep
Smallstep.stepv0.30.6
A Swiss army knife for working with X.509 certificates, JWTs, etc.
W
Winix NetCatTroy Willmot
Winix.NetCatv0.3.0
Cross-platform netcat — TCP/UDP send/receive, port checks, TLS clients.
Windows Admin Center (v2)Microsoft Corporation
Microsoft.WindowsAdminCenterv2.6.7.28
A customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10/11 PCs. It comes at no additional cost beyond Windows and is ready to use in production.
DPIBreakDilluti0n
Dilluti0n.DPIBreakv0.6.1
Fast and easy-to-use DPI circumvention tool in Rust
CaddyStack Holdings GmbH.
CaddyServer.Caddyv2.11.4
HTTP/2 web server with automatic HTTPS
FireDaemon OpenSSLFireDaemon
FireDaemon.OpenSSLv4.0.0.3
FireDaemon OpenSSL Installer

More from Smallstep or browse certificates, smallstep, tls.

Frequently asked questions

How do I install step-ca on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Smallstep.step-ca --exact --version 0.30.2. winget downloads the installer from Smallstep and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install step-ca silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Smallstep.step-ca --exact 0.30.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall step-ca via winget?

Run: winget uninstall --id Smallstep.step-ca --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from step-ca's Apps & Features entry.

Is step-ca free?

step-ca is distributed under Apache-2.0. Refer to the publisher (https://github.com/smallstep/certificates) for the full license terms - Wingetly itself does not charge for installation.

Does step-ca work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls step-ca directly from the publisher.

How do I keep step-ca up to date?

Run winget upgrade --id Smallstep.step-ca --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of step-ca from microsoft/winget-pkgs.

Recent versions

0.30.2latest
0.30.1
0.28.4
0.28.3
0.28.2
0.28.1
0.28.0
0.27.5
0.27.4
0.27.2