Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 58 Next »

Attestation

  1. Insert YubiKey

  2. Open a Terminal (Linux/Mac) or PowerShell (Windows).

     Windows

    Windows: Run the following to adding the Yubikey Manager cli tools to environment PATH

    Note: you must close and re-open your terminal for these to be picked up

    #User Level
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::User)

  3. Run the following command to attest the certificate in slot 9a

    Linux users will need to locate the AppImage and execute ykman command as argument

    ykman piv keys attest 9a <path to save attested certificate>
---
Example:
(Windows) ykman piv keys attest 9a %USERPROFILE%\%USERNAME%-attest.pem
(Linux) yubikey-manager-qt-***-linux.AppImage ykman piv keys attest 9a $HOME/$USER-attest.pem
(Mac) /Applications/YubiKey\ Manager.app/Contents/MacOS/ykman piv keys attest 9a $HOME/$USER-attest.pem

  4. Run the following to pull the intermediate certificate from slot f9

    Linux users will need to locate the AppImage and execute ykman command as argument

    ykman piv certificates export f9 <path to save attested certificate>
---
Example:
(Windows) ykman piv certificates export f9 %USERPROFILE%\yubico-intermediate-ca.pem
(Linux) yubikey-manager-qt-***-linux.AppImage ykman piv certificates export f9 $HOME/yubico-intermediate-ca.pem
(Mac) /Applications/YubiKey\ Manager.app/Contents/MacOS/ykman piv certificates export f9 $HOME/yubico-intermediate-ca.pem

  5. Provide certificates to Systems or IA team member.
    This step will require a face-to-face meeting or camera-enabled Zoom meeting.
    This step is mainly required for access to Linux servers.

    This is still being tested, but we are using this for now.

    Open in New Tab/Window: https://cpu.rit.edu/yubikey 

     Click here to expand...

    3/18/2022 - (Used for testing only):  Open in New Tab/Window: https://cpu.rit.edu/yubikey 

    Paste all the contents of the file, including the "BEGIN/END" statements

    If submitting multiple certs, each certificate must be merged before new can be added (I believe this is true, needs verification)


    Maybe This (TBD)

  • No labels