Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 30 Next »

Overview

This process outlines how to attest the certificates on the Yubikey with the Yubico provided certifcate in slot f9.

Prerequisites

  • YubiKey 4 and newer
  • Yubikey Manager


Process

Attestation

  1. Install Yubikey Manager.

     Linux

    You should install yubikey-manager from your package manager.

    RHEL: You may also need to install EPEL

  2. Insert YubiKey

  3. Open a Terminal (Linux/Mac) or PowerShell (Windows).

     Windows

    Windows: Run the following to adding the Yubikey Manager cli tools to environment PATH

    Note: you must close and re-open your terminal for these to be picked up

    #Machine Wide (must be run with Administrative privileges)
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
 
#User Level
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::User)

  4. Run the following command to attest the certificate in slot 9a

    ykman piv keys attest 9a <path to save attested certificate>
---
Example:
(Windows) ykman piv keys attest 9a C:\Users\axl\Desktop\axlits-attest.pem
(Linux) ykman piv keys attest 9a /home/axl/Desktop/axlits-attest.pem
(Mac) ykman piv keys attest 9a /Users/axl/Desktop/axlits-attest.pem

  5. Run the following to pull the intermediate certificate from slot f9

    ykman piv certificate export f9 <path to save attested certificate>
---
Example:
(Windows) ykman piv certificates export f9 C:\Users\axl\Desktop\yubico-intermediate-ca.pem
(Linux) ykman piv certificates export f9 /home/axl/Desktop/yubico-intermediate-ca.pem
(Mac) ykman piv certificates export f9 /Users/axl/Desktop/yubico-intermediate-ca.pem
  6. Upload <path to save attested certificate> to appropriate location/persons.
    3/18/2022 - BETA ONLY:  go here https://cpu.rit.edu/yubikey 

    Maybe This (TBD)
    Or maybe this? (BETA)
  • No labels