Versions Compared

Old Version 72

changes.mady.by.user Tony Lam

Saved on

compared with

New Version Current

changes.mady.by.user Tony Lam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attestation

  1. Insert YubiKey

  2. Open a local Terminal (Linux/Mac) or PowerShell (Windows).

    Expand
    titleWindows

    Windows: Run the following to adding the Yubikey Manager cli tools to environment PATH

    Note

    Note: you must close and re-open your PowerShell for these to be picked up


    Code Block
    #User Level
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::User)


    Note

    Note: you must close and re-open your PowerShell for these to be picked up



  3. Run the following command to attest the certificate in slot 9a (You will need to rerun for other slots, like 9d)

    Note

    Linux users will need to locate the AppImage and execute ykman command as argument


    Code Block
    ykman piv keys attest 9a <path to save attested certificate>
---
Example:
(Windows) ykman piv keys attest 9a %USERPROFILE%\%USERNAME%$env:HOMEPATH\$env:USERNAME-attest.pem
(Linux) yubikey-manager-qt-***-linux.AppImage ykman piv keys attest 9a $HOME/$USER-attest.pem
(Mac) /Applications/YubiKey\ Manager.app/Contents/MacOS/ykman piv keys attest 9a $HOME/$USER-attest.pem



    1. Expand
      titleThis step only needed if requested from cpu.rit.edu

      Run the following to pull the intermediate certificate from slot f9

      Note

      Linux users will need to locate the AppImage and execute ykman command as argument


      Code Block
      ykman piv certificates export f9 <path to save attested certificate>
---
Example:
(Windows) ykman piv certificates export f9 %USERPROFILE%\yubico-intermediate-ca.pem
(Linux) yubikey-manager-qt-***-linux.AppImage ykman piv certificates export f9 $HOME/yubico-intermediate-ca.pem
(Mac) /Applications/YubiKey\ Manager.app/Contents/MacOS/ykman piv certificates export f9 $HOME/yubico-intermediate-ca.pem



  4. Print the contents of the ($username-attest.pem).

    Code Block
    (Windows) Get-Content $env:HOMEPATH\$env:USERNAME-attest.pem
(Linux/Mac) cat $HOME/$USER-attest.pem


  5. This step is mainly required for access to Linux servers.
    Paste all the contents of the file ($username-attest.pem), including the "BEGIN/END" statements, into the website below.

    Warning

    Students: Please log in with your student employee account.


    Note

    This is still being tested, but we are using this for now.

    Open in New Tab/Window: https://cpu.rit.edu/yubikey 

    Expand

    3/18/2022 - (Used for testing only):  Open in New Tab/Window: https://cpu.rit.edu/yubikey 

    Paste all the contents of the file, including the "BEGIN/END" statements

    If submitting multiple certs, each certificate must be merged before new can be added (I believe this is true, needs verification)


    Please inform someone from Operations (Infrastructure Apps/Networks/Systems) that you've uploaded a certificate.
    This step may require a face-to-face meeting or camera-enabled Zoom meeting.