This port contains the Smallstep step-ca certificates component

It can be used together with the Smallstep step-ca client. step-ca is a local CA. It can be used to create your own local PKI Infrastructure and includes things like e.g. the possibility to have your own ACME server. A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH. WWW: https://smallstep.com/certificates/ PR: 245535 Submitted by: Markus Wipp <mw@wipp.bayern>
svn path=/head/; revision=531970
2020-04-17 20:10:47 +00:00 · 2020-04-17 20:10:47 +00:00 · ae1c7c19c4 · 2021-03-31 03:12:20 +00:00
commit ae1c7c19c4
parent 6ce3add2d2
9 changed files with 333 additions and 2 deletions
--- a/2
+++ b/2
@ -206,7 +206,7 @@ meta1c:*:262:meta1s
 meta1m:*:263:meta1s,meta1q
 meta1:*:264:
 sshout:*:265:
-# free: 266
+step:*:266:
 # free: 267
 # free: 268
 # free: 269
--- a/2
+++ b/2
@ -211,7 +211,7 @@ meta1c:*:262:262::0:0:MeTA1 SMTPC:/nonexistent:/usr/sbin/nologin
 meta1m:*:263:263::0:0:MeTA1 misc:/nonexistent:/usr/sbin/nologin
 meta1:*:264:264::0:0:MeTA1 other:/nonexistent:/usr/sbin/nologin
 sshout:*:265:265::0:0:Secure Shout Host Oriented Unified Talk:/var/db/sshout:/usr/local/libexec/sshoutd
-# free: 266
+step:*:266:266::0:0:Step CA:/nonexistent:/usr/sbin/nologin
 # free: 267
 # free: 268
 # free: 269
--- a/security/Makefile
+++ b/security/Makefile
@ -1217,6 +1217,7 @@
    SUBDIR += sst
    SUBDIR += starttls
    SUBDIR += steghide
+    SUBDIR += step-certificates
    SUBDIR += step-cli
    SUBDIR += stoken
    SUBDIR += strobe
--- a/security/step-certificates/Makefile
+++ b/security/step-certificates/Makefile
@ -0,0 +1,89 @@
+# $FreeBSD$
+
+PORTNAME=	step-certificates
+DISTVERSIONPREFIX=v
+DISTVERSION=	0.14.2
+CATEGORIES=	security
+
+MAINTAINER=	mw@wipp.bayern
+COMMENT=	Smallstep step-ca certificates server
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	step:security/step-cli
+
+USES=		go:modules
+
+USERS=		step
+GROUPS=		step
+
+USE_RC_SUBR=	step-ca
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	smallstep
+GH_PROJECT=	certificates
+
+GO_TARGET=	./cmd/step-ca:${PREFIX}/sbin/step-ca  \
+		./cmd/step-cloudkms-init
+
+GO_BUILDFLAGS=	-ldflags "-w -X main.Version=${PORTVERSION}"
+
+GH_TUPLE=	\
+		AndreasBriese:bbloom:e2d15f34fcf9:andreasbriese_bbloom/vendor/github.com/AndreasBriese/bbloom \
+		Masterminds:goutils:v1.1.0:masterminds_goutils/vendor/github.com/Masterminds/goutils \
+		Masterminds:semver:v3.0.1:masterminds_semver/vendor/github.com/Masterminds/semver/v3 \
+		Masterminds:sprig:v3.0.0:masterminds_sprig/vendor/github.com/Masterminds/sprig/v3 \
+		census-instrumentation:opencensus-go:v0.22.2:census_instrumentation_opencensus_go/vendor/go.opencensus.io \
+		chzyer:readline:2972be24d48e:chzyer_readline/vendor/github.com/chzyer/readline \
+		cpuguy83:go-md2man:v2.0.0:cpuguy83_go_md2man/vendor/github.com/cpuguy83/go-md2man/v2 \
+		dgraph-io:badger:v1.5.3:dgraph_io_badger/vendor/github.com/dgraph-io/badger \
+		dgryski:go-farm:6a90982ecee2:dgryski_go_farm/vendor/github.com/dgryski/go-farm \
+		etcd-io:bbolt:v1.3.2:etcd_io_bbolt/vendor/go.etcd.io/bbolt \
+		go-chi:chi:v4.0.2:go_chi_chi/vendor/github.com/go-chi/chi \
+		go-sql-driver:mysql:v1.4.1:go_sql_driver_mysql/vendor/github.com/go-sql-driver/mysql \
+		golang:appengine:v1.6.5:golang_appengine/vendor/google.golang.org/appengine \
+		golang:crypto:0ec3e9974c59:golang_crypto/vendor/golang.org/x/crypto \
+		golang:groupcache:215e87163ea7:golang_groupcache/vendor/github.com/golang/groupcache \
+		golang:net:c0dbc17a3553:golang_net/vendor/golang.org/x/net \
+		golang:oauth2:858c2ad4c8b6:golang_oauth2/vendor/golang.org/x/oauth2 \
+		golang:protobuf:v1.3.2:golang_protobuf/vendor/github.com/golang/protobuf \
+		golang:sys:b016eb3dc98e:golang_sys/vendor/golang.org/x/sys \
+		golang:text:v0.3.2:golang_text/vendor/golang.org/x/text \
+		google:go-cmp:v0.3.1:google_go_cmp/vendor/github.com/google/go-cmp \
+		google:go-genproto:f3c370f40bfb:google_go_genproto/vendor/google.golang.org/genproto \
+		google:uuid:v1.1.1:google_uuid/vendor/github.com/google/uuid \
+		googleapis:gax-go:v2.0.5:googleapis_gax_go/vendor/github.com/googleapis/gax-go \
+		googleapis:google-api-go-client:v0.15.0:googleapis_google_api_go_client/vendor/google.golang.org/api \
+		googleapis:google-cloud-go:v0.51.0:googleapis_google_cloud_go/vendor/cloud.google.com/go \
+		grpc:grpc-go:v1.26.0:grpc_grpc_go/vendor/google.golang.org/grpc \
+		huandu:xstrings:v1.2.0:huandu_xstrings/vendor/github.com/huandu/xstrings \
+		imdario:mergo:v0.3.7:imdario_mergo/vendor/github.com/imdario/mergo \
+		juju:ansiterm:720a0952cc2a:juju_ansiterm/vendor/github.com/juju/ansiterm \
+		konsorten:go-windows-terminal-sequences:v1.0.2:konsorten_go_windows_terminal_sequences/vendor/github.com/konsorten/go-windows-terminal-sequences \
+		lunixbochs:vtclean:v1.0.0:lunixbochs_vtclean/vendor/github.com/lunixbochs/vtclean \
+		manifoldco:promptui:v0.3.1:manifoldco_promptui/vendor/github.com/manifoldco/promptui \
+		mattn:go-colorable:v0.1.4:mattn_go_colorable/vendor/github.com/mattn/go-colorable \
+		mattn:go-isatty:v0.0.11:mattn_go_isatty/vendor/github.com/mattn/go-isatty \
+		mitchellh:copystructure:v1.0.0:mitchellh_copystructure/vendor/github.com/mitchellh/copystructure \
+		mitchellh:reflectwalk:v1.0.0:mitchellh_reflectwalk/vendor/github.com/mitchellh/reflectwalk \
+		newrelic:go-agent:v2.15.0:newrelic_go_agent/vendor/github.com/newrelic/go-agent \
+		pkg:errors:v0.8.1:pkg_errors/vendor/github.com/pkg/errors \
+		rs:xid:v1.2.1:rs_xid/vendor/github.com/rs/xid \
+		russross:blackfriday:v2.0.1:russross_blackfriday/vendor/github.com/russross/blackfriday/v2 \
+		samfoo:ansi:b6bd2ded7189:samfoo_ansi/vendor/github.com/samfoo/ansi \
+		shurcooL:sanitized_anchor_name:v1.0.0:shurcool_sanitized_anchor_name/vendor/github.com/shurcooL/sanitized_anchor_name \
+		sirupsen:logrus:v1.4.2:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
+		smallstep:assert:b99dc1097b15:smallstep_assert/vendor/github.com/smallstep/assert \
+		smallstep:cli:v0.14.2:smallstep_cli/vendor/github.com/smallstep/cli \
+		smallstep:nosql:v0.2.0:smallstep_nosql/vendor/github.com/smallstep/nosql \
+		spf13:cast:v1.3.1:spf13_cast/vendor/github.com/spf13/cast \
+		square:go-jose:v2.4.0:square_go_jose/vendor/gopkg.in/square/go-jose.v2 \
+		urfave:cli:v1.22.2:urfave_cli/vendor/github.com/urfave/cli
+
+post-install:
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc/step
+	${MKDIR} ${STAGEDIR}${DOCSDIR}
+	(cd ${WRKSRC}/docs && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR})
+
+.include <bsd.port.mk>
--- a/security/step-certificates/distinfo
+++ b/security/step-certificates/distinfo
@ -0,0 +1,103 @@
+TIMESTAMP = 1586506594
+SHA256 (smallstep-certificates-v0.14.2_GH0.tar.gz) = 3d4e93fba5798e3ce6ef45ae2a40a25aa623b84a72f884c7208ee5a1662c8c39
+SIZE (smallstep-certificates-v0.14.2_GH0.tar.gz) = 17540124
+SHA256 (AndreasBriese-bbloom-e2d15f34fcf9_GH0.tar.gz) = e88bd873a2251d70b5d2cbf9dceff24fa25ca5652ac1f99165c303e98df494a1
+SIZE (AndreasBriese-bbloom-e2d15f34fcf9_GH0.tar.gz) = 7704
+SHA256 (Masterminds-goutils-v1.1.0_GH0.tar.gz) = 053a61c4b0d78e6978600c99562f04d053993c428d549a20b627151cf1aabbae
+SIZE (Masterminds-goutils-v1.1.0_GH0.tar.gz) = 14610
+SHA256 (Masterminds-semver-v3.0.1_GH0.tar.gz) = 039a09a397f10906343c6d5b65381311e9b574429c2ebdb7ae5b7a75eb6b98c9
+SIZE (Masterminds-semver-v3.0.1_GH0.tar.gz) = 23977
+SHA256 (Masterminds-sprig-v3.0.0_GH0.tar.gz) = 6cee82b51e743e3fd9c9dfbb20d1667aeb0a92652db6971fa9c1658b0296633a
+SIZE (Masterminds-sprig-v3.0.0_GH0.tar.gz) = 47424
+SHA256 (census-instrumentation-opencensus-go-v0.22.2_GH0.tar.gz) = 0aa930142b669d7c47e2b8343f6adc9f03414a9c45763c5f746de95231d6ad6d
+SIZE (census-instrumentation-opencensus-go-v0.22.2_GH0.tar.gz) = 165321
+SHA256 (chzyer-readline-2972be24d48e_GH0.tar.gz) = 8f425cfb33fce61a137866c0a88117c68f49de79a61a341353fc97339c6b74da
+SIZE (chzyer-readline-2972be24d48e_GH0.tar.gz) = 36825
+SHA256 (cpuguy83-go-md2man-v2.0.0_GH0.tar.gz) = 50537880d42fc28b9c2e9aaa36b137349d43cc73d46436a499f8c928cd2fc576
+SIZE (cpuguy83-go-md2man-v2.0.0_GH0.tar.gz) = 52021
+SHA256 (dgraph-io-badger-v1.5.3_GH0.tar.gz) = 653dccac0adde8462e2ce88cb6ce8eaf1e50d9cb3ec5d57269307b2dabb4885c
+SIZE (dgraph-io-badger-v1.5.3_GH0.tar.gz) = 1018875
+SHA256 (dgryski-go-farm-6a90982ecee2_GH0.tar.gz) = 47bda738d281105cc7b1cb832880f93d220eae40b18095dc322b0b7bf44fdf23
+SIZE (dgryski-go-farm-6a90982ecee2_GH0.tar.gz) = 26800
+SHA256 (etcd-io-bbolt-v1.3.2_GH0.tar.gz) = 0f4bd88cce84f7b42f6364fc8c77ae7dd7d2f70224d1bb2abf410fc2f552c9a9
+SIZE (etcd-io-bbolt-v1.3.2_GH0.tar.gz) = 93921
+SHA256 (go-chi-chi-v4.0.2_GH0.tar.gz) = 7713a5afd18c440f38e67f853f5ded4f039f08f239dc6a29ed2788be5caaae99
+SIZE (go-chi-chi-v4.0.2_GH0.tar.gz) = 67748
+SHA256 (go-sql-driver-mysql-v1.4.1_GH0.tar.gz) = 9b5d435903a674cd761310365df992a1b4eed2e4e2f0c8aa90bdc996c330d7ae
+SIZE (go-sql-driver-mysql-v1.4.1_GH0.tar.gz) = 83524
+SHA256 (golang-appengine-v1.6.5_GH0.tar.gz) = 4e7df5d4ec2dda0f59f26925b36a087843fd1a165adb938712068376bf791316
+SIZE (golang-appengine-v1.6.5_GH0.tar.gz) = 332903
+SHA256 (golang-crypto-0ec3e9974c59_GH0.tar.gz) = 737fd8da273ec11281d2ff8798d6847ab1be9ebfa94bbc5a7252e0b04e1373a5
+SIZE (golang-crypto-0ec3e9974c59_GH0.tar.gz) = 1727772
+SHA256 (golang-groupcache-215e87163ea7_GH0.tar.gz) = 500b097a42fb5c0cd516f1bb56e9c745ba6c1c910b4dc7296aea2b9120ee5e70
+SIZE (golang-groupcache-215e87163ea7_GH0.tar.gz) = 26040
+SHA256 (golang-net-c0dbc17a3553_GH0.tar.gz) = 67e59dfe55231f9a28b167c6b77d897ad503e599b60e0eec16a677a0c641bb93
+SIZE (golang-net-c0dbc17a3553_GH0.tar.gz) = 1172293
+SHA256 (golang-oauth2-858c2ad4c8b6_GH0.tar.gz) = 28ae6a15793d97ba980dd318dba21167dd751ca8bbafcb69ffa648b41c7cbf48
+SIZE (golang-oauth2-858c2ad4c8b6_GH0.tar.gz) = 45265
+SHA256 (golang-protobuf-v1.3.2_GH0.tar.gz) = c9cda622857a17cf0877c5ba76688a931883e505f40744c9495638b6e3da1f65
+SIZE (golang-protobuf-v1.3.2_GH0.tar.gz) = 312285
+SHA256 (golang-sys-b016eb3dc98e_GH0.tar.gz) = 09d8ddfb8f2c651e956a534d5de1e5401567d12dd0a589abd4ad5e9fa4213b06
+SIZE (golang-sys-b016eb3dc98e_GH0.tar.gz) = 1535262
+SHA256 (golang-text-v0.3.2_GH0.tar.gz) = 0b9309698f5708531c5377ab1e29b423a6d9e20c55a8d386c3b8283428212f22
+SIZE (golang-text-v0.3.2_GH0.tar.gz) = 7168069
+SHA256 (google-go-cmp-v0.3.1_GH0.tar.gz) = a95fa266e5c2283b813102f265c1bdf5b78100f9889b984aef828eb094efe6e3
+SIZE (google-go-cmp-v0.3.1_GH0.tar.gz) = 76403
+SHA256 (google-go-genproto-f3c370f40bfb_GH0.tar.gz) = 754588f44bdfdbe4521ad0950375a0357f2454ff6de43e0e6d6a88b5b5182c55
+SIZE (google-go-genproto-f3c370f40bfb_GH0.tar.gz) = 5857725
+SHA256 (google-uuid-v1.1.1_GH0.tar.gz) = bebd4b0b4ea152a9793615ef23c83f688876d8c284a2092264d20a4bf4ffc423
+SIZE (google-uuid-v1.1.1_GH0.tar.gz) = 13543
+SHA256 (googleapis-gax-go-v2.0.5_GH0.tar.gz) = 3089affe6f5e27f7a6d494cb399aa6baf232384f763f548ad5ddfbea0e88e59c
+SIZE (googleapis-gax-go-v2.0.5_GH0.tar.gz) = 15328
+SHA256 (googleapis-google-api-go-client-v0.15.0_GH0.tar.gz) = 6d628266b507a71f26ce2fd426758e1241f9dd94458752d9d12a0b09da983844
+SIZE (googleapis-google-api-go-client-v0.15.0_GH0.tar.gz) = 13259795
+SHA256 (googleapis-google-cloud-go-v0.51.0_GH0.tar.gz) = efee71ab4baf86277c6ceec4633dd606595e4b0fa299c22863dbeb03eed65941
+SIZE (googleapis-google-cloud-go-v0.51.0_GH0.tar.gz) = 2441854
+SHA256 (grpc-grpc-go-v1.26.0_GH0.tar.gz) = a594cbd8f7d545d181c92b27aafd5d4824459e3a729a8bd67a0c8b99c411f05a
+SIZE (grpc-grpc-go-v1.26.0_GH0.tar.gz) = 765416
+SHA256 (huandu-xstrings-v1.2.0_GH0.tar.gz) = c43737734bb260e7d77329af8a33bf687f9430abc1b21d3b1f4a8fa6fb3dbde3
+SIZE (huandu-xstrings-v1.2.0_GH0.tar.gz) = 16628
+SHA256 (imdario-mergo-v0.3.7_GH0.tar.gz) = ce29171c44a6b4084ed514bc9b4ed6c3c01462c210b7ec6fe5e56691a46eb939
+SIZE (imdario-mergo-v0.3.7_GH0.tar.gz) = 16668
+SHA256 (juju-ansiterm-720a0952cc2a_GH0.tar.gz) = 5595c2dc8973aab36a69648d4d94cac75a9ff4a28eb074a7b82b030fc7edbf64
+SIZE (juju-ansiterm-720a0952cc2a_GH0.tar.gz) = 15417
+SHA256 (konsorten-go-windows-terminal-sequences-v1.0.2_GH0.tar.gz) = e61f6422c7d1222c4c642b9134e5a4576a89ff651ef947487faa8ef33b6b4cfe
+SIZE (konsorten-go-windows-terminal-sequences-v1.0.2_GH0.tar.gz) = 1987
+SHA256 (lunixbochs-vtclean-v1.0.0_GH0.tar.gz) = 38aa5c60284f77cbb4be1de4af8907ce66954ff1a11e4f910d02e0283ce13b33
+SIZE (lunixbochs-vtclean-v1.0.0_GH0.tar.gz) = 4213
+SHA256 (manifoldco-promptui-v0.3.1_GH0.tar.gz) = 8860f2166c1913b2f66d4e8992957128037cc8c9495f225208c8462d1b0236cc
+SIZE (manifoldco-promptui-v0.3.1_GH0.tar.gz) = 22986
+SHA256 (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 157806ad8125e6bef4d9b58c9125ccb98a8343136f93faf442ab0cc6e7c24c11
+SIZE (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 8981
+SHA256 (mattn-go-isatty-v0.0.11_GH0.tar.gz) = 631fab18253998a4e27e9d260c445e9852bd86cf5a42693623d305c3e59c415a
+SIZE (mattn-go-isatty-v0.0.11_GH0.tar.gz) = 4396
+SHA256 (mitchellh-copystructure-v1.0.0_GH0.tar.gz) = 0e04d8fe1065459ab234507b9a4b7164b05eda970fee6ffdf0219423c357fda8
+SIZE (mitchellh-copystructure-v1.0.0_GH0.tar.gz) = 8903
+SHA256 (mitchellh-reflectwalk-v1.0.0_GH0.tar.gz) = bd22df35225e4bfcecafb35ac4869911fafc356f5dadcfb141cd0caededc87c3
+SIZE (mitchellh-reflectwalk-v1.0.0_GH0.tar.gz) = 6143
+SHA256 (newrelic-go-agent-v2.15.0_GH0.tar.gz) = 128096c8ac96e6cfd099aa359f46f0d814c1662eb82b017bed726bffff6800c5
+SIZE (newrelic-go-agent-v2.15.0_GH0.tar.gz) = 350696
+SHA256 (pkg-errors-v0.8.1_GH0.tar.gz) = 7a428967c6fc2e80cd84a0d9469ab6bd4dbe6b13493ba6294322a933a5a7e356
+SIZE (pkg-errors-v0.8.1_GH0.tar.gz) = 11009
+SHA256 (rs-xid-v1.2.1_GH0.tar.gz) = bb207227d5ae99bda71d38ae11e29b822c9b572223781bc282ad2f8e69002f2c
+SIZE (rs-xid-v1.2.1_GH0.tar.gz) = 9553
+SHA256 (russross-blackfriday-v2.0.1_GH0.tar.gz) = 5a0f38a36b6f3b2d59b72d713451a895a4d3a4406b3533882483782e37797cff
+SIZE (russross-blackfriday-v2.0.1_GH0.tar.gz) = 79613
+SHA256 (samfoo-ansi-b6bd2ded7189_GH0.tar.gz) = 01cb78eb5c20624c6a02d185584e1b6815495e2c915e441926d66772721e258f
+SIZE (samfoo-ansi-b6bd2ded7189_GH0.tar.gz) = 4566
+SHA256 (shurcooL-sanitized_anchor_name-v1.0.0_GH0.tar.gz) = 7e11964980f9b8595c17bc8970f0174621afe464920e38df7f8d77e45058388f
+SIZE (shurcooL-sanitized_anchor_name-v1.0.0_GH0.tar.gz) = 2143
+SHA256 (sirupsen-logrus-v1.4.2_GH0.tar.gz) = 67f2ddf467b7e63d2d2529d227946a331e245aeef7e2e4521ae82647b5ef84d9
+SIZE (sirupsen-logrus-v1.4.2_GH0.tar.gz) = 41373
+SHA256 (smallstep-assert-b99dc1097b15_GH0.tar.gz) = 6aa33efa39730adfc6588c7350bb868ac59f4137aeb42bc5ef97bf469afcdd93
+SIZE (smallstep-assert-b99dc1097b15_GH0.tar.gz) = 4033
+SHA256 (smallstep-cli-v0.14.2_GH0.tar.gz) = bc3732082d6800bf1a60784631bd9f916a04d07bdd25e1775cb564e4776152bc
+SIZE (smallstep-cli-v0.14.2_GH0.tar.gz) = 446978
+SHA256 (smallstep-nosql-v0.2.0_GH0.tar.gz) = 368bd3c0beee1f94aa5deb26cc9cffa830ca94939928bc17d7ba8237e5b199a5
+SIZE (smallstep-nosql-v0.2.0_GH0.tar.gz) = 18508
+SHA256 (spf13-cast-v1.3.1_GH0.tar.gz) = 4fa8d06903b490ae6f1316e55c5446d5648eea2b450671ebc54d4bbe79bc46b1
+SIZE (spf13-cast-v1.3.1_GH0.tar.gz) = 11102
+SHA256 (square-go-jose-v2.4.0_GH0.tar.gz) = 3824f79c5f851784032a7800d72f32229ce6617612fab28642c18b5150b52493
+SIZE (square-go-jose-v2.4.0_GH0.tar.gz) = 303589
+SHA256 (urfave-cli-v1.22.2_GH0.tar.gz) = 38a93b363b3d668506fa094937cd8b81dde333c74b59388cecf95443c8cdabf3
+SIZE (urfave-cli-v1.22.2_GH0.tar.gz) = 76132
--- a/security/step-certificates/files/step-ca.in
+++ b/security/step-certificates/files/step-ca.in
@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: step-ca
+# REQUIRE: LOGIN networking
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable or customize this service:
+#
+# step_ca_enable (bool):	Set to NO by default.
+#				Set to YES to enable step_ca.
+# step_ca_user (user):		Set user to run step_ca.
+#				Default is "step"
+# step_ca_group (group):	Set group to run step_ca.
+#				Default is "step"
+# step_ca_stepdir (dir):	Set dir to run step_ca in.
+#				Default is "%%PREFIX%%/etc/step"
+# step_ca_steppath (dir):	Set dir to run hold step_ca CA information in.
+#				Default is "${step_ca_stepdir}/ca"
+# step_ca_password (path):	step_ca CA Password file path
+#				Default is "${step_ca_stepdir}/password.txt"
+
+. /etc/rc.subr
+
+name="step_ca"
+rcvar="step_ca_enable"
+
+load_rc_config $name
+: ${step_ca_enable:=no}
+: ${step_ca_user:=step}
+: ${step_ca_group:=step}
+: ${step_ca_stepdir:=%%PREFIX%%/etc/step}
+: ${step_ca_steppath:=${step_ca_stepdir}/ca}
+: ${step_ca_password:=${step_ca_stepdir}/password.txt}
+
+pidfile="/var/run/${name}.pid"
+step_ca_command="%%PREFIX%%/sbin/step-ca"
+step_ca_config="\
+	${step_ca_steppath}/config/ca.json \
+	--password-file ${step_ca_password}"
+
+command="/usr/sbin/daemon"
+command_args="-S -c \
+		-P $pidfile \
+		-t $name \
+		-T $name \
+		$step_ca_command $step_ca_config"
+
+start_precmd=step_ca_startprecmd
+start_postcmd=step_ca_postcmd
+
+step_ca_startprecmd()
+{
+        if [ ! -e ${pidfile} ]; then
+                install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile};
+        fi
+
+	if [ ! -e ${step_ca_steppath} ]; then
+		echo "No configured Step CA found."
+		echo "Creating new one...."
+		export STEPPATH=${step_ca_steppath}
+		%%PREFIX%%/bin/step ca init
+		chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath}
+	fi
+
+	if [ ! -e ${step_ca_password} ]; then
+		echo "Step CA Password file for auto-start not found"
+		echo "Creating it...."
+		install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_password}
+		echo "Please enter the Step CA Password:"
+		stty -echo; read passwd; stty echo; echo
+		echo $passwd > ${step_ca_password}
+	fi
+
+	if [ -e ${step_ca_steppath}/config/ca.json ]; then
+		configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json)
+		if [ ${configured_port} -lt 1024 ]; then
+			echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}"
+		fi
+	fi
+}
+
+step_ca_postcmd() {
+	sleep 2
+	run_rc_command status
+}
+
+run_rc_command "$1"
--- a/security/step-certificates/pkg-descr
+++ b/security/step-certificates/pkg-descr
@ -0,0 +1,11 @@
+This port contains the Smallstep step-ca certificates component
+
+It can be used together with the Smallstep step-ca client.
+step-ca is a local CA. It can be used to create your own local PKI
+Infrastructure and includes things like e.g. the possibility to have your
+own ACME server.
+
+A private certificate authority (X.509 & SSH) & ACME server for secure
+automated certificate management, so you can use TLS everywhere & SSO for SSH.
+
+WWW: https://smallstep.com/certificates/
--- a/security/step-certificates/pkg-message
+++ b/security/step-certificates/pkg-message
@ -0,0 +1,17 @@
+[
+{ type: install
+  message: <<EOM
+================================================================================
+Step Certificates requires additional configuration:
+
+The simple way is via the service start script step_ca. 
+When there is no configuration it will be created. User input is required!!!
+
+The hard way would be via the step command.
+
+Ensure to set the STEPPATH environment variable. This makes using the
+commands much simpler.
+================================================================================
+EOM
+}
+]
--- a/security/step-certificates/pkg-plist
+++ b/security/step-certificates/pkg-plist
@ -0,0 +1,20 @@
+bin/step-cloudkms-init
+sbin/step-ca
+@dir etc/step
+%%DOCSDIR%%/CONTRIBUTING.md
+%%DOCSDIR%%/GETTING_STARTED.md
+%%DOCSDIR%%/README.md
+%%DOCSDIR%%/acme.md
+%%DOCSDIR%%/database.md
+%%DOCSDIR%%/defaults.md
+%%DOCSDIR%%/docker.md
+%%DOCSDIR%%/images/connect-with-mtls-2.png
+%%DOCSDIR%%/images/oidc1.png
+%%DOCSDIR%%/images/oidc2.png
+%%DOCSDIR%%/images/oidc3.png
+%%DOCSDIR%%/images/step-ca-2-legged.gif
+%%DOCSDIR%%/images/step-ca-3-legged.gif
+%%DOCSDIR%%/kms.md
+%%DOCSDIR%%/provisioners.md
+%%DOCSDIR%%/questions.md
+%%DOCSDIR%%/revocation.md