This repository was archived by the owner on Oct 10, 2022. It is now read-only.

Certificate invalid: expired #2

@queglay

Thanks for sharing this workflow example.

I followed the steps on Mac OS 10.15.7.

I think there was a step missing to add the host name and IP to the host. This was only mentioned to be done on the vagrant host, so I did this as well:

user@MacBookPro13 step-ssh-example % echo "192.168.0.101   testhost" | sudo tee -a /etc/hosts

I still got a certificate invalid error though. Here are my final steps:

user@MacBookPro13 step-ssh-example % step ssh certificate testuser testuser_ecdsa --ca-url https://localhost --root step/certs/root_ca.crt
✔ Provisioner: admin (JWK) [kid: ux6AhkfzgclpI65xJeGHzNqHCmdCl0-nWO8YqF1mcn0]
✔ Please enter the password to decrypt the provisioner key: 
✔ CA: https://localhost
Please enter the password to encrypt the private key: 
✔ Private Key: testuser_ecdsa
✔ Public Key: testuser_ecdsa.pub
✔ Certificate: testuser_ecdsa-cert.pub
✔ SSH Agent: yes
user@MacBookPro13 step-ssh-example % ssh-add -l
256 SHA256:+9g8u7uS0hwVL7i4wzye2Su7OO+9xrBZezLqCBfbuio testuser (ECDSA-CERT)
user@MacBookPro13 step-ssh-example % ssh testuser@testhost
ssh: Could not resolve hostname testhost: nodename nor servname provided, or not known
user@MacBookPro13 step-ssh-example % ssh testuser@192.168.0.101
Certificate invalid: expired
The authenticity of host '192.168.0.101 (192.168.0.101)' can't be established.
ECDSA key fingerprint is SHA256:8ZUcP+byduIkhoWYJ3AYsz5gJ34cpk98c5Z5qr52ofQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
user@MacBookPro13 step-ssh-example % echo "192.168.0.101   testhost" | sudo tee -a /etc/hosts
Password:
192.168.0.101   testhost
user@MacBookPro13 step-ssh-example % ssh testuser@testhost                                   
Certificate invalid: expired
The authenticity of host 'testhost (192.168.0.101)' can't be established.
ECDSA key fingerprint is SHA256:8ZUcP+byduIkhoWYJ3AYsz5gJ34cpk98c5Z5qr52ofQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
user@MacBookPro13 step-ssh-example % 
