II. YubiKey Smartcard Setup via Self-Signed Certificate (YubiKey Manager)

Owned by Tony Lam
Last updated: Mar 06, 2024 by Logan Walsh

Enrollment

The PIN and Management Key will be needed to configure each certificate.

  1. Go back to Applications and then PIV

    1. Click on Configure Certificates

    2. Click on Authentication (Slot 9a) and then Generate

      Authentication (Slot 9a) and Key Management (Slot 9d) can be used if more than 1 cert is needed (ala -admin)

    3. Check the radio for Self-signed Certificate and then click Next

    4. Select RSA2048 and then click on Next
        
    5. Input a decent subject text (ala username) and then click on Next

    6. Input a reasonable expiration time

      Current implementation does not care about expiration, so have fun with the date.

      For example, I chose my expected retirement date (not reflected in the picture below).


    7. The next page gives you a summary of what you've done. Click Generate whenever you are ready.
    8. You should then see the certificate in the slot you specified
  2. Once complete, remove and re-insert the YubiKey for the certificate to be seen (specifically in Windows).