Overview
This process outlines how to attest the certificates on the Yubikey with the Yubico provided certifcate in slot f9.
Prerequisites
- YubiKey 4 and newer
- Yubikey Manager
Process
Attestation
- Insert YubiKey
Open a Terminal (Linux/Mac) or PowerShell (Windows).
Run the following command to attest the certificate in slot 9a
Linux users will need to locate the AppImage and execute ykman command as argument
ykman piv keys attest 9a <path to save attested certificate> --- Example: (Windows) ykman piv keys attest 9a C:\Users\axl\Desktop\axlits-attest.pem (Linux) yubikey-manager-qt-***-linux.AppImage ykman piv keys attest 9a /home/axl/Desktop/axlits-attest.pem (Mac) ykman piv keys attest 9a /Users/axl/Desktop/axlits-attest.pem
Run the following to pull the intermediate certificate from slot f9
Linux users will need to locate the AppImage and execute ykman command as argument
ykman piv certificate export f9 <path to save attested certificate> --- Example: (Windows) ykman piv certificates export f9 C:\Users\axl\Desktop\yubico-intermediate-ca.pem (Linux) yubikey-manager-qt-***-linux.AppImage ykman piv certificates export f9 /home/axl/Desktop/yubico-intermediate-ca.pem (Mac) ykman piv certificates export f9 /Users/axl/Desktop/yubico-intermediate-ca.pem
- Upload <path to save attested certificate> to appropriate location/persons.
3/18/2022 - (Used for testing only): go here https://cpu.rit.edu/yubikey
Maybe This (TBD)
Or maybe this? (BETA)