Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 72 Next »

Prerequisites

  • Active Directory account
  • Windows domain-bound machine (necessary for Step 2)

    • Logged in as the account that will appear on the certificate

      Find someone on Systems or IA team

    • Account is member of CLAWS managed group its-certs-smartcard

      • Once added, you need to logout and login after to be part of the group
        OR

      • Connect to a remote machine to perform Step 2

Enrollment

The PIN and Management Key will be needed to configure each certificate.

  1. Go back to Applications and then PIV

    1. Click on Configure Certificates

    2. Click on Authentication (Slot 9a) and then Generate

      Authentication (Slot 9a) and Key Management (Slot 9d) can be used if more than 1 cert is needed (ala -admin)

    3. Check the radio for Certificate Signing Request and then click Next

    4. Select RSA2048 and then click on Next
        
    5. Input a decent subject text (ala username) and then click on Next
    6. The next page gives you a summary of what you've done. When you click Generate, it will open a save dialog to save the .csr file.


  2. Request the Certificate from the Active Directory Certificate Authority

    Open PowerShell and navigate to where you saved the .csr file

    cd <directory where csr file is saved>

    Run the following command to request a certificate from ADCS. You will need to click on RIT AD Signing CA (Kerberos) - itscaad01.ad.rit.edu when the popup appears.

    certreq -submit -attrib "CertificateTemplate:YubicoSC" <csr file> <crt file>


    You may see the following message:

    Certificate retrieved(Issued) Issued  Invalid Issuance Policies:  1.3.6.1.4.1.311.21.8.1243817.6959666.9847190.948791.4713993.230.1.401

    Disregard the Invalid Issuance Policies for now. As long as you get Certificate retrieved(Issued), you will be good to continue moving forward.

  3. Once .crt file is obtained successfully, go back to YubiKey Manager application
    1. If you closed the application, go to ApplicationsPIV Configure CertificatesAuthentication
    2. Click on Import
    3. A dialog box will pop up to select the .crt file from Step 5.
    4. Once the certificate is imported, you'll see the details populated in the application


  • No labels