...
- Go back to Applications and then PIV
- Click on Configure Certificates
Click on Authentication (Slot 9a) and then Generate
Note Authentication (Slot 9a) and Key Management (Slot 9d) can be used if more than 1 cert is needed (ala -admin)
- Check the radio for Certificate Signing Request and then click Next
- Select RSA2048 and then click on Next
- Input a decent subject text (ala username) and then click on Next
- The next page gives you a summary of what you've done. When you click Generate, it will open a save dialog to save the .csr file.
- Click on Configure Certificates
Request the Certificate from the Active Directory Certificate Authority
Note This Step Requires:
- Domain Bound Windows machine
- Logged in as user you are attempting to request cert for (you can leverage RDP with USB forwarding to a bastion host)
- Membership into CN=its-certs-smartcard,OU=AMS,OU=Groups,OU=RITusers,DC=main,DC=ad,DC=rit,DC=edu
- which nests into CN=ITS_Certs_SmartCard,OU=CA Template Delegation,OU=SensitiveContainers,DC=ad,DC=rit,DC=edu
Open PowerShell and navigate to where you saved the .csr fileCode Block cd <directory where csr file is saved>
Run the following command to request a certificate from ADCS. You will need to click on RIT AD Signing CA (Kerberos) - itscaad01.ad.rit.edu when the popup appears.
Code Block certreq -submit -attrib "CertificateTemplate:YubicoSC" <csr file> <crt file>
- Once .crt file is obtained successfully, go back to YubiKey Manager application
- If you closed the application, go to Applications > PIV > Configure Certificates > Authentication
- Click on Import
- A dialog box will pop up to select the .crt file from Step 5.
- Once the certificate is imported, you'll see the details populated in the application
