Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:15 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Thu Sep 15, 2016 11:41 am 
Offline

Joined: Thu Sep 15, 2016 9:57 am
Posts: 3
How do i issue a certificate onto to the yubikey 4 (without importing)?

test env:
windows server 2016 servers - DC & ADCS CA.
Windows 10 version 1607 (OS build 14393.0)
all machines are in a single AD domain.
YubiKey PIV manager - version 1.3.0. Library version ykpiv 1.4.2


I've read all the supporting documents, followed the instructions and still cannot get a certificate issued to the YubiKey 4.

Using PIV manager, it doesn't not recognise the user "is connected to a MS CA". The option to choose the MS CA doesn't appear. the win10 machine is connected to the domain. This error occurs is the user is a regular Domain user and a Domain Administrator.

using the "certificates" msc console. the YubiKey appears as read-only smart card. so the certificate can't be written to the YubiKey 4.

Any help is much appreciated.


Last edited by pkiguy78 on Fri Sep 16, 2016 9:08 am, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Sep 15, 2016 4:37 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
There was a post about this about a week ago - viewtopic.php?f=30&t=2412

Short answer - use 1.2.1 until 1.4.0 is released (likely early next week prior to the public macOS Sierra launch) - https://developers.yubico.com/yubikey-p ... Notes.html


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 15, 2016 6:38 pm 
Offline

Joined: Thu Sep 15, 2016 9:57 am
Posts: 3
Thanks. I've started using PIV-manager v1.2.1 I can now submit the CSR to the windows CA, however there's now more errors.

After removing and reinserting the YubiKey 4 the PIV application locked itself out. this has happened to 2 keys so far.

is there an easy way to unlock/reset/reset the YubiKey 4 so that it's PIV-enabled again using windows?

the yubico-piv-tool look like it's only for linux.


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 15, 2016 11:24 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
Yubico PIV Tool is available for OS X and Windows as well:

https://developers.yubico.com/yubico-piv-tool/Releases/

The difference is that you don't install it, you use Terminal (OS X) or Command Prompt (Windows), change directory to the folder's bin directory, and run the commands from there.

The PIV applet can also be reset from YubiKey PIV Manager (Manage device PINs) - lock out the PIN and PUK (this is already locked if you used the default options when initializing the applet with YubiKey PIV Manager), and then reset.


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 16, 2016 9:08 am 
Offline

Joined: Thu Sep 15, 2016 9:57 am
Posts: 3
Thanks again.

Very late last night I found the windows version after i had installed the Linux version using "bash for Ubuntu on win 10".


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group