diff --git a/mkdocs/docs/projects/step_ca.md b/mkdocs/docs/projects/step_ca.md
new file mode 100644
index 0000000..03a4585
--- /dev/null
+++ b/mkdocs/docs/projects/step_ca.md
@@ -0,0 +1,97 @@
+# Step CA
+
+An internal CA and ACME Provider.
+
+## Brief
+
+Step can do more, but lets configure the basics.
+
+## Install
+
+``` bash
+sudo -i
+```
+
+``` bash
+apt-get update && apt-get install -y --no-install-recommends curl vim gpg ca-certificates
+curl -fsSL https://packages.smallstep.com/keys/apt/repo-signing-key.gpg -o /etc/apt/trusted.gpg.d/smallstep.asc && \
+    echo 'deb [signed-by=/etc/apt/trusted.gpg.d/smallstep.asc] https://packages.smallstep.com/stable/debian debs main' \
+    | tee /etc/apt/sources.list.d/smallstep.list
+apt-get update && apt-get -y install step-cli step-ca
+```
+
+!!! note "For more install instructions see smallstep [installation guide](https://smallstep.com/docs/step-ca/installation/)."
+
+## Config Setup
+
+``` bash
+echo 'some-password' > secret
+```
+
+=== Config
+
+  ``` bash
+  step ca init \
+  --deployment-type standalone \
+  --name ${CA_NAME} \
+  --dns=${CA_DNS_NAMES} \
+  --address 0.0.0.0:5001 \
+  --provisioner ${CA_EMAIL} \
+  --password-file ./secret
+  ```
+
+=== Example
+
+  ``` bash
+  step ca init \
+  --deployment-type standalone \
+  --name rskio \
+  --dns=rskio.com,rskntr.com \
+  --address 0.0.0.0:5001 \
+  --provisioner dev@rskio.com \
+  --password-file ./secret
+  ```
+
+``` bash
+step ca provisioner add dev --type ACME
+```
+
+## Service
+
+## Certificates
+
+### Trust
+
+``` bash
+cat ~/.step/certs/root_ca.crt
+cat ~/.step/certs/intermediate_ca.crt
+```
+
+save and install the files into the trusted certificates on your endpoint and enable trust for ssl signing
+
+### ClusterIssuer
+
+``` bash
+cat .step/certs/root_ca.crt | base64 -w0
+```
+
+use output in the spec.
+
+``` yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: dev-step-issuer
+spec:
+  acme:
+    email: ${SOME_EMAIL}
+    server: https://${CA_DOMAIN}/acme/dev/directory
+    privateKeySecretRef:
+      name: dev-step-issuer-account-key
+    caBundle: ${CA_ROOT_PEM}
+    solvers:
+      - selector: {}
+        http01:
+          ingress:
+            class: traefik
+```