diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f564c21..b2d6ee81 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,10 +16,19 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. --- ## [Unreleased] +### Added +- Added automatic configuration of Linked RAs. +- Send provisioner configuration on Linked RAs. ### Changed -- Certificates signed by an issuer using an RSA key will be signed using the same algorithm as the issuer certificate was signed with. The signature will no longer default to PKCS #1. For example, if the issuer certificate was signed using RSA-PSS with SHA-256, a new certificate will also be signed using RSA-PSS with SHA-256. -- Support two latest versions of Go (1.18, 1.19) -- Vadlidate revocation serial number (either base 10 or prefixed with an appropriate base) +- Certificates signed by an issuer using an RSA key will be signed using the + same algorithm used to sign the issuer certificate. The signature will no + longer default to PKCS #1. For example, if the issuer certificate was signed + using RSA-PSS with SHA-256, a new certificate will also be signed using + RSA-PSS with SHA-256. +- Support two latest versions of Go (1.18, 1.19). +- Validate revocation serial number (either base 10 or prefixed with an + appropriate base). +- Sanitize TLS options. ## [0.20.0] - 2022-05-26 ### Added diff --git a/authority/authority.go b/authority/authority.go index 59ded5be..73aa9cca 100644 --- a/authority/authority.go +++ b/authority/authority.go 
@@ -339,6 +339,19 @@ func (a *Authority) init() error { Type: conf.RaConfig.Provisioner.Type.String(), Provisioner: conf.RaConfig.Provisioner.Name, } + // Configure the RA authority type if needed + if options.Type == "" { + options.Type = casapi.StepCAS + } + } + // Remote configuration is currently only supported on a linked RA + if sc := conf.ServerConfig; sc != nil { + if a.config.Address == "" { + a.config.Address = sc.Address + } + if len(a.config.DNSNames) == 0 { + a.config.DNSNames = sc.DnsNames + } } } diff --git a/authority/config/config.go b/authority/config/config.go index 9170bf9e..c5e74b39 100644 --- a/authority/config/config.go +++ b/authority/config/config.go @@ -72,6 +72,7 @@ type Config struct { Password string `json:"password,omitempty"` Templates *templates.Templates `json:"templates,omitempty"` CommonName string `json:"commonName,omitempty"` + SkipValidation bool `json:"-"` } // ASN1DN contains ASN1.DN attributes that are used in Subject and Issuer @@ -201,6 +202,8 @@ func (c *Config) Save(filename string) error { // Validate validates the configuration. func (c *Config) Validate() error { switch { + case c.SkipValidation: + return nil case c.Address == "": return errors.New("address cannot be empty") case len(c.DNSNames) == 0: diff --git a/authority/config/config_test.go b/authority/config/config_test.go index 5a05b3f6..9b5b26aa 100644 --- a/authority/config/config_test.go +++ b/authority/config/config_test.go @@ -35,9 +35,16 @@ func TestConfigValidate(t *testing.T) { type ConfigValidateTest struct { config *Config err error - tls TLSOptions + tls *TLSOptions } tests := map[string]func(*testing.T) ConfigValidateTest{ + "skip-validation": func(t *testing.T) ConfigValidateTest { + return ConfigValidateTest{ + config: &Config{ + SkipValidation: true, + }, + } + }, "empty-address": func(t *testing.T) ConfigValidateTest { return ConfigValidateTest{ config: &Config{ 
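Review bot: The `Address` and `DnsNames` taken over from `conf.ServerConfig` are never checked for emptiness, and the automatically generated linked RA configuration in commands/app.go carries `SkipValidation`, so an empty or absent remote address or name list would be accepted silently and the server would start with an unvalidated listen address and no names for its own TLS certificate. After the two fallbacks, add a check along the lines of `if a.config.Address == "" || len(a.config.DNSNames) == 0 { return errors.New("linked RA configuration is missing address or dnsNames") }`; whether `Validate` runs after this point is not visible here, and with `SkipValidation` set it would return nil anyway. The `options.Type` defaulting to `casapi.StepCAS` reads as intentional, but a one-line comment saying why an empty type means a StepCAS RA would help the next reader more than "if needed". `init` starts and ends outside the hunk.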
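Review bot: `SkipValidation` is added to `Config` without a doc comment, and the new `case c.SkipValidation: return nil` in `Validate` short-circuits every later check in the switch, not only the address and DNS-name ones, so a reader of the struct cannot tell how much is skipped; this note covers both config.go hunks. Add on the field `// SkipValidation makes Validate a no-op. It is meant only for the automatically generated linked RA configuration, whose address and dnsNames come from the remote server config; it is never read from JSON.` Since the test file expects `Validate` to fill in default TLS options, the short-circuit presumably skips that defaulting as well, so every caller that sets `SkipValidation` must set `TLS` itself, as commands/app.go does in this commit; a sentence in the field comment stating that would prevent a nil `TLS` later. `Validate` continues outside the hunk.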
@@ -128,7 +135,7 @@ func TestConfigValidate(t *testing.T) { Password: "pass", AuthorityConfig: ac, }, - tls: DefaultTLSOptions, + tls: &DefaultTLSOptions, } }, "empty-TLS-values": func(t *testing.T) ConfigValidateTest { @@ -143,7 +150,7 @@ func TestConfigValidate(t *testing.T) { AuthorityConfig: ac, TLS: &TLSOptions{}, }, - tls: DefaultTLSOptions, + tls: &DefaultTLSOptions, } }, "custom-tls-values": func(t *testing.T) ConfigValidateTest { @@ -165,7 +172,7 @@ func TestConfigValidate(t *testing.T) { Renegotiation: true, }, }, - tls: TLSOptions{ + tls: &TLSOptions{ CipherSuites: CipherSuites{ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", }, @@ -209,9 +216,9 @@ func TestConfigValidate(t *testing.T) { } } else { if assert.Nil(t, tc.err) { - fmt.Printf("tc.tls = %+v\n", tc.tls) - fmt.Printf("*tc.config.TLS = %+v\n", *tc.config.TLS) - assert.Equals(t, *tc.config.TLS, tc.tls) + fmt.Printf("tc.tls = %v\n", tc.tls) + fmt.Printf("*tc.config.TLS = %v\n", tc.config.TLS) + assert.Equals(t, tc.config.TLS, tc.tls) } } }) diff --git a/commands/app.go b/commands/app.go index 265610f2..7545f1df 100644 --- a/commands/app.go +++ b/commands/app.go @@ -7,12 +7,15 @@ import ( "net" "net/http" "os" + "path/filepath" "strings" "unicode" "github.com/pkg/errors" "github.com/smallstep/certificates/authority/config" + "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/ca" + "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/pki" "github.com/urfave/cli" "go.step.sm/cli-utils/errs" 
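Review bot: The two `fmt.Printf` lines in the `else` branch of the `@@ -209` hunk are debugging output that prints for every passing case; the commit adjusted them to the new pointer type instead of removing them. Drop both lines and keep only `assert.Equals(t, tc.config.TLS, tc.tls)`, removing the `fmt` import from the test file if it then becomes unused (that import is outside this hunk). Comparing `*TLSOptions` values with `assert.Equals` relies on the helper doing a deep comparison; if it compared pointer identity, the `empty-TLS-values` case (`TLS: &TLSOptions{}` against `&DefaultTLSOptions`) could not pass, which the suite presumably confirms. `TestConfigValidate` starts and ends outside the hunk.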
@@ -99,10 +102,35 @@ func appAction(ctx *cli.Context) error { } cfg, err := config.LoadConfiguration(configFile) - if err != nil { + if err != nil && token == "" { fatal(err) } + // Initialize a basic configuration to be used with an automatically + // configured linked RA. Default configuration includes: + // * badgerv2 on $(step path)/db + // * JSON logger + // * Default TLS options + if cfg == nil { + cfg = &config.Config{ + SkipValidation: true, + Logger: []byte(`{"format":"json"}`), + DB: &db.Config{ + Type: "badgerv2", + DataSource: filepath.Join(step.Path(), "db"), + }, + AuthorityConfig: &config.AuthConfig{ + DeploymentType: pki.LinkedDeployment.String(), + Provisioners: provisioner.List{}, + Template: &config.ASN1DN{}, + Backdate: &provisioner.Duration{ + Duration: config.DefaultBackdate, + }, + }, + TLS: &config.DefaultTLSOptions, + } + } + if cfg.AuthorityConfig != nil { if token == "" && strings.EqualFold(cfg.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) { return errors.New(`'step-ca' requires the '--token' flag for linked deploy type. diff --git a/go.mod b/go.mod index 02770fbb..25020c27 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 go.step.sm/cli-utils v0.7.3 go.step.sm/crypto v0.17.1 - go.step.sm/linkedca v0.17.1 + go.step.sm/linkedca v0.18.0 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 golang.org/x/net v0.0.0-20220607020251-c690dde0001d google.golang.org/api v0.84.0 diff --git a/go.sum b/go.sum index 43387360..ce99276b 100644 --- a/go.sum +++ b/go.sum 
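Review bot: `if err != nil && token == ""` discards every error from `config.LoadConfiguration` whenever a token is present, so an existing but unreadable or malformed config file is silently replaced by the built-in defaults, with `SkipValidation` set, instead of failing; only a missing file should trigger the fallback, for example by testing the error against `os.ErrNotExist` (`os` is already imported) and calling `fatal(err)` for anything else. Separately, `TLS: &config.DefaultTLSOptions` stores a pointer to the package-level default, so any later in-place change to `cfg.TLS` (the changelog in this commit mentions TLS option sanitizing) would mutate the shared default; copy it first with `tlsOpts := config.DefaultTLSOptions` and use `TLS: &tlsOpts,`. The comment above the fallback is useful and could add that this branch is presumably only reached when `--token` is set, since a nil `cfg` without a token has already called `fatal`. `appAction` starts and ends outside the hunk.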
@@ -769,8 +769,8 @@ go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpf
 go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0=
 go.step.sm/crypto v0.17.1 h1:uKpJNvzVy/GKR28hJbW8VCbfcKKBDnGNBYCKhAp2TSg=
 go.step.sm/crypto v0.17.1/go.mod h1:FXFiLBUsoE0OGz8JTjxhYU1rwKKNgVIb5izZTUMdc/8=
-go.step.sm/linkedca v0.17.1 h1:LSP3kGGeVkOAoDWoqg89tko6mpvJKTRcOHfrEOnPsNc=
-go.step.sm/linkedca v0.17.1/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
+go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o=
+go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=