Provides internal certificates through ACME. As our network is trusted, this is mostly unused, and only exists for a few services that refuse to run properly without .

• /var/lib/step-ca/

Here is our CA certificate:

-----BEGIN CERTIFICATE-----
MIIBlzCCAT2gAwIBAgIQEcmEsApMPiF6dPsDH6kTBTAKBggqhkjOPQQDAjAqMQ8w
DQYDVQQKEwZUQVJESVMxFzAVBgNVBAMTDlRBUkRJUyBSb290IENBMB4XDTIyMDky
MzEyNTQ0N1oXDTMyMDkyMDEyNTQ0N1owKjEPMA0GA1UEChMGVEFSRElTMRcwFQYD
VQQDEw5UQVJESVMgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABK8C
gt7UMC38QlJkUP0kMBKUYaAsURqEDQwWSUO+IfcMDVellwlB/x9vlVadlN7DaWFa
YxV9pZ+Lfa+AfO57JFqjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBSNPkp/zPziiJMbV8ePJOw0IdcZETAKBggqhkjOPQQD
AgNIADBFAiEAv/DpsYXAKbgpT2UGavkEqIKkmNk3p4Hp7rQQDb4CihYCIBJg1KHr
NJUNX54vDKcfosJVtz8OwYZSvMdGmdLVlceE
-----END CERTIFICATE-----

Handled declaratively by Nix