Page Comparison

...

Prerequisites

• YubiKey 4 and newer
• Yubikey Manager
• Active Directory account
• Windows domain-bound machine (necessary for Enrollment)
  • Logged in as the account that will appear on the certificate
  • Account is member of CLAWS managed group its-certs-smartcard
    • Find someone on Systems or IA team
  Yubikey Manager
  
  • Download direct from Yubico: https://www.yubico.com/support/download/yubikey-manager/#h-downloads
  Windows
  • https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-win64.exe

  Expand
  title SCCM Software Center
  Image Removed

  • Mac
    • https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-mac.pkg
  • Linux
    • AppImage - https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-linux.AppImage
    • Src - https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest.tar.gz

Process

New Setup

1. Run the Yubikey Manager application and insert your key
   
   
2. Click on Applications and then click on PIV
   
   
   

3. Change PIN if Yubikey is fresh out of the box or it's been defaulted

   Note
   skip to Enrollment if Yubikey is already initialized

   1. Click on Configure PINs
      
      
   2. Click Change PIN and then check Use default (if it is default).
      Choose a PIN between 6 - 8 characters.
      Finish with changing PIN by clicking on Change PIN
      
   3. Click on Change PUK and then check Use default (if it is default).
      Choose a PUK between 6 - 8 characters.
      Finish with changing PUK by clicking on Change PUK
      
      
   4. Click on Change Management Key and then check Use default (if it is default).
      Click on Generate a few times to randomly create a new management key.
      Choose AES256 as Algorithm.
      Finish with changing the key by clicking on Finish
      
      
      

...