Dear All,
(first post here, hope I got the right forum)
I have trouble making Firefox recognize certificates stored in the PIV applet of my YubiKey-4.
Neither Google nor looking through the topics in this forum provided a solution.
I have a YubiKey-4 (YK4), PIV applet version 4.3.1 (see below for further system details), and followed the examples found here:
https://developers.yubico.com/yubico-piv-tool/ to load two PKCS12 certificates and keys into the four slots available on the YK4. The certificates are from StartSSL and were originally created in Firefox running on Ubuntu 16.04.
yubico-piv-tool -a status shows the certificates as expected.
The YubiKey correctly shows up in Mac OS X KeyChain as "PIV-...". All loaded certificates are visible and shown as "valid". I can display certificate details in KeyChain as expected, see attachment #2.
Problem (1) (possibly expected behaviour):
Firefox does not see the YubiKey as visible in KeyChain. It does not show up under security (or crypto) modules.
Judging from Mozilla's bug tracker, this may be expected behaviour.
Problem (2):
Using the libykcs11 (as installed from here: https://www.yubico.com/support/knowledge-base/categories/articles/piv-tools/) I can get Firefox to at least list the YubiKey as a crypto module. I can even log in to the key if (and only if) I insert the YK4 before I start Firefox (see attachment #1). However, no matter if logged in or not, none of the four certificates loaded into the PIV applet shows up in any of the certificate lists accessible in Firefox's certificate manager.
Question:
How can I either (1) make the certificates stored in the PIV applet of the YK4 visible, and usable for authentication purposes, in Firefox on Mac OS El Capitan, using libykcs11 (or any other pkcs11 library),
or (2) make Firefox recognize certificates stored on a YK4 through the MacOS KeyChain system?
System details:
OS: MacOS 10.11.6 "El Capitan". Note: Any suggestion to upgrade to MacOS Sierra will not be considered a solution. Sierra is not acceptable to me.
Firefox: 49.0.1
OpenSC: 0.16.0 (for MacOS El Capitan)
SmartCardService: 2.1.2 (for OSX 10.11)
yubico-piv-tool-1.4.2-mac
yubikey-piv-manager-1.4.0-mac
Any hint is much appreciated.