Add option for step ca certificate to return certificates in PKCS8 or PKCS12

[sshipway]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Currently, step ca certificate, step ca renew etc will issue a new certificate and key in PKCS1 PEM format, only.
It would be good to add options to allow new certificates to be issued in PKCS8 or PKCS12 as well.

For renewals, the command should also be able to detect the types of the provided certificate file (PKCS8, PKCS1, PKCS12) and process accordingly.

e.g.

step ca renew $PKCS12FILE --expires-in 24h
step ca certificate $CN --file-format pkcs8 --password-file pass.txt $CERTFILE $KEYFILE 
step ca certificate $CN --file-format pkcs12 --no-password $PKCS12FILE  

Why is this needed?

While these can then subsequently be converted to DER, PKCS8, or PKCS12 by other commands, it would be more convenient if there were additional options to allow these formats to be created by the original command. This would in particular help with things such as autorenewals which need to trigger a service restart, greatly simplifying the process.