Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 35 Next »

Overview

This process outlines how to attest the certificates on the Yubikey with the Yubico provided certifcate in slot f9.

Prerequisites

  • YubiKey 4 and newer
  • Yubikey Manager

Process

Attestation
  1. Insert YubiKey

  2. Open a Terminal (Linux/Mac) or PowerShell (Windows).

     Windows

    Windows: Run the following to adding the Yubikey Manager cli tools to environment PATH

    Note: you must close and re-open your terminal for these to be picked up

    #Machine Wide (must be run with Administrative privileges)
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
 
#User Level
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::User)

  3. Run the following command to attest the certificate in slot 9a

    Linux users will need to locate the AppImage and execute ykman command as argument


    ykman piv keys attest 9a <path to save attested certificate>
---
Example:
(Windows) ykman piv keys attest 9a C:\Users\axl\Desktop\axlits-attest.pem
(Linux) yubikey-manager-qt-***-linux.AppImage ykman piv keys attest 9a /home/axl/Desktop/axlits-attest.pem
(Mac) ykman piv keys attest 9a /Users/axl/Desktop/axlits-attest.pem

  4. Run the following to pull the intermediate certificate from slot f9

    ykman piv certificate export f9 <path to save attested certificate>
---
Example:
(Windows) ykman piv certificates export f9 C:\Users\axl\Desktop\yubico-intermediate-ca.pem
(Linux) yubikey-manager-qt-***-linux.AppImage ykman piv certificates export f9 /home/axl/Desktop/yubico-intermediate-ca.pem
(Mac) ykman piv certificates export f9 /Users/axl/Desktop/yubico-intermediate-ca.pem
  5. Upload <path to save attested certificate> to appropriate location/persons.
    3/18/2022 - (Used for testing only):  go here https://cpu.rit.edu/yubikey 

    Maybe This (TBD)
    Or maybe this? (BETA)
  • No labels