Overview

This process outlines how to attest the certificates on the YubiKey using the Yubico-provided certificate in slot f9.

Prerequisites


Process

Attestation
  1. Install Yubikey Manager.

    Linux: You should install yubikey-manager from your package manager.

    RHEL: You may also need to install EPEL.


  2. Insert YubiKey

  3. Open a Terminal (Linux/Mac) or PowerShell (Windows).

    Windows: Run the following to add the YubiKey Manager CLI tools to the PATH environment variable.

    Note: you must close and re-open your terminal for these changes to be picked up.

    #Machine Wide (must be run with Administrative privileges)
    $newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
    [Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
     
    #User Level
    $newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::User)
    [Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::User)



  4. Run the following command to attest the certificate in slot 9a:

    ykman piv keys attest 9a <path to save attested certificate>
    ---
    Example:
    (Windows) ykman piv keys attest 9a C:\Users\axl\Desktop\axlits-attest.pem
    (Linux) ykman piv keys attest 9a /home/axl/Desktop/axlits-attest.pem
    (Mac) ykman piv keys attest 9a /Users/axl/Desktop/axlits-attest.pem


  5. Run the following to pull the intermediate certificate from slot f9:

    ykman piv certificates export f9 <path to save intermediate certificate>
    ---
    Example:
    (Windows) ykman piv certificates export f9 C:\Users\axl\Desktop\yubico-intermediate-ca.pem
    (Linux) ykman piv certificates export f9 /home/axl/Desktop/yubico-intermediate-ca.pem
    (Mac) ykman piv certificates export f9 /Users/axl/Desktop/yubico-intermediate-ca.pem


  6. Upload the attested certificate (<path to save attested certificate>) to the appropriate location/persons.
    3/18/2022 - BETA ONLY: go here https://cpu.rit.edu/yubikey

    Maybe This (TBD)
    Or maybe this? (BETA)
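
For whoever receives the files from steps 4 and 5, one way to check them with OpenSSL, as an added example that is not part of the original page. It assumes the openssl CLI is installed and that ROOT_CA is Yubico's PIV attestation root certificate, obtained separately; the function names, argument names and script name are hypothetical.

```sh
#!/bin/sh
# Added example: recipient-side check of the two files produced in steps 4 and 5.
# Assumption: ROOT_CA is Yubico's published PIV attestation root, obtained separately.

# Return 0 only if ATTESTATION chains through F9_CERT to ROOT_CA.
verify_attestation() {
    root=$1; f9=$2; attest=$3
    for f in "$root" "$f9" "$attest"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done
    # -untrusted: the f9 certificate comes from the key holder, so it may only
    # help build the chain. Trust is anchored in ROOT_CA alone.
    openssl verify -CAfile "$root" -untrusted "$f9" "$attest" >/dev/null 2>&1
}

# Return 0 if two certificates carry the same public key, e.g. the attestation
# certificate and the certificate later issued for the key in slot 9a.
same_public_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Script mode: verify.sh ROOT_CA F9_CERT ATTESTATION [ISSUED_CERT]
# e.g. verify.sh <root CA file> yubico-intermediate-ca.pem axlits-attest.pem
if [ "$#" -ge 3 ]; then
    if verify_attestation "$1" "$2" "$3"; then
        echo "attestation chain: OK"
    else
        echo "attestation chain: FAILED" >&2; exit 1
    fi
    if [ -n "${4:-}" ]; then
        if same_public_key "$3" "$4"; then
            echo "public key matches issued certificate"
        else
            echo "public key MISMATCH" >&2; exit 1
        fi
    fi
fi
```

A passing chain check shows the attestation was signed by the device's f9 key under the trusted root; the public-key comparison ties that attestation to the certificate actually being relied on.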