Runtime: Certificate authority (legacy)
Overview
Section titled “Overview”This page documents the legacy smallstep/step-ca CA UI that previously lived behind ca.app.lef.
It is being decommissioned. Current certificate workflows are:
- Windows servers: AD CS (Active Directory Certificate Services)
- Web servers and DB hosts: manual issuance from the LEF Root CA
See the runbooks:
Legacy reverse proxy mapping
Section titled “Legacy reverse proxy mapping”| Field | Value |
|---|---|
| Public hostname | ca.app.lef |
| Reverse proxy vhost | ca.app.lef.conf (on web.core.lef) |
| NGINX upstream | ca_app_lef |
| Backend (internal) | tools.core.lef:8443 |
Where it runs
Section titled “Where it runs”- Backend host:
tools.core.lef
Runtime & maintenance
Section titled “Runtime & maintenance”This runtime is typically deployed as a rootless Podman container, managed via systemd or podman-compose.
Runtime version
Section titled “Runtime version”| Field | Value |
|---|---|
| Container runtime | See Containers as a Service |
| Image | — |
| Version (tag/digest) | — |
| How to check running version | — |