Overview
This process outlines how to attest the certificates on the Yubikey with the Yubico provided certifcate in slot f9.
Prerequisites
- YubiKey 4 and newer
- Yubikey Manager
- Download direct from Yubico: https://www.yubico.com/support/download/yubikey-manager/#h-downloads
- Windows
- Mac
- Linux
Process
Attestation
Install Yubikey Manager.
- Insert YubiKey
Open a Terminal (Linux/Mac) or PowerShell (Windows).
Run the following command to attest the certificate in slot 9a
ykman piv keys attest 9a <path to save attested certificate> --- Example: (Windows) ykman piv keys attest 9a C:\Users\axl\Desktop\axlits-attest.pem (Linux) ykman piv keys attest 9a /home/axl/Desktop/axlits-attest.pem (Mac) ykman piv keys attest 9a /Users/axl/Desktop/axlits-attest.pem
Run the following to pull the intermediate certificate from slot f9
ykman piv certificate export f9 <path to save attested certificate> --- Example: (Windows) ykman piv certificate export f9 C:\Users\axl\Desktop\yubico-intermediate-ca.pem (Linux) ykman piv certificate export f9 /home/axl/Desktop/yubico-intermediate-ca.pem (Mac) ykman piv certificate export f9 /Users/axl/Desktop/yubico-intermediate-ca.pem
- Upload <path to save attested certificate> to appropriate location/persons.
3/18/2022 - BETA ONLY: go here https://cpu.rit.edu/yubikey
Maybe This (TBD)
Or maybe this? (BETA)