
Step CA: Generate root and intermediate CAs


I recently (re)set up a Step CA instance in my homelab.

By default, the root certificate that Step CA generates has a validity of 10 years, but I wanted it to be longer. I did that with the following command. (Also, for now, I just put the root key and its password in Bitwarden, but I should move it elsewhere at some point in the future.)

step certificate create "SelfHostedCA" root_ca.crt root_ca_key --profile root-ca --not-after 876000h

I then generated an intermediate {cert, key} pair like the following. As per Step CA’s documentation, this is the easiest route, but there are more ways you can do something similar.

step ca init --root root_ca.crt --key root_ca_key
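
A check that can follow the two commands above, as an added example that is not part of the original post: it uses openssl rather than step to confirm that the root carries the long validity and that the intermediate chains to it. The function name `check_ca_pair`, its return codes and the day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a root and
# intermediate CA pair with openssl. The caller supplies the file names.

# check_ca_pair ROOT_CERT INTERMEDIATE_CERT MIN_ROOT_DAYS
# Returns 0 if every check passes, otherwise a distinct code per failed check.
check_ca_pair() {
    root=$1 inter=$2 min_days=$3

    # 1. The root must be self-signed and currently valid as a trust anchor.
    openssl verify -CAfile "$root" "$root" >/dev/null 2>&1 || {
        echo "root does not verify against itself" >&2; return 1; }

    # 2. Both certificates must carry basicConstraints CA:TRUE.
    for cert in "$root" "$inter"; do
        openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' || {
            echo "$cert is not a CA certificate" >&2; return 2; }
    done

    # 3. The root must still be valid MIN_ROOT_DAYS from now, which catches
    #    a root that was created with the default lifetime by mistake.
    openssl x509 -in "$root" -noout -checkend "$((min_days * 86400))" \
        >/dev/null || { echo "root expires within $min_days days" >&2; return 3; }

    # 4. The intermediate must chain to this root.
    openssl verify -CAfile "$root" "$inter" >/dev/null 2>&1 || {
        echo "intermediate does not chain to root" >&2; return 4; }

    return 0
}
```

Call it with the root certificate, the intermediate certificate written by `step ca init`, and a threshold in days, for example `check_ca_pair root_ca.crt intermediate_ca.crt 36000`.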