As a relying party, we need to verify registration data when enrolling a Yubico token into our system. Verification should be done using the public key certified in the attestation certificate. Unfortunately, that public key seems to be invalid.
This is the public key (decompressed value of the EC point on the P-256 curve) from the certificate: 042fe1a23effa55bff461d59a43522d79748981cba6d289a98f1bd7dff656680dbbbfdbc2bae607e6ef772f576b04d54c4e5f32f596f26e61115c7272cf6ca7594
The whole attestation certificate, which is returned in the registration response message, follows:
-----BEGIN CERTIFICATE----- MIICTzCCATegAwIBAgIEKtlq8zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ dWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw MDBaGA8yMDUwMDkwNDAwMDAwMFowMTEvMC0GA1UEAwwmWXViaWNvIFUyRiBFRSBT ZXJpYWwgMjM5MjU3MzQ1MTY1NTAzODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC AAQv4aI+/6Vb/0YdWaQ1IteXSJgcum0ompjxvX3/ZWaA27v9vCuuYH5u93L1drBN VMTl8y9ZbybmERXHJyz2ynWUozswOTAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4x LjQxNDgyLjEuMjATBgsrBgEEAYLlHAIBAQQEAwIEMDANBgkqhkiG9w0BAQsFAAOC AQEAhWr6i89P/2JfKRvBFY48/70lUrz3VwdT9RIdpqVNJMzP7ifO1qsxEowp/1tb iQXdoCAXkx8fX1klk1lR/ABLy+IK3X2NBS+VQ7NJbBW4MQ4Qy9m7BTgnT1g+rR9F EojD6nbQcK1E5Tr+qPItH3NiX/LVif4w3yZiy3y7fJlhgK3P6YpNASzzE0bNEXRq WEjo/+3z4wzL2cHdIhZxsoOIYfZaRTYjtRjVVn+o8KPOEF308TlT4RTqWeCn8v5m iGdDLlL9ai9k9zxIzZs48t+6LHpLOxEo3ybWaiT4ld2gthGA9BRPa3B1wxikmuCL WNNq2x4wU2crF8Whn38KIvEOlA== -----END CERTIFICATE-----
Also, we do not understand why the subject of the certificate is CN = Yubico U2F EE Serial 23925734516550387 while the serial number is 718891763 (2a d9 6a f3 in hex). But this is not as serious as the issue mentioned above.
Has anyone experienced similar problems?
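
An added example, not part of the original post: one way a relying party can check whether a SEC1 uncompressed point such as the one quoted above actually lies on P-256 before using it to verify the registration signature. The function names are hypothetical; the curve constants are the standard NIST P-256 parameters, and the generator point is included as a known-good reference value.

```python
# Added example: validate a SEC1 uncompressed EC point against NIST P-256.
# Function names are hypothetical; constants are the standard P-256 parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3  # the curve coefficient a is -3 mod p
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

# P-256 generator point, used here as a known-good reference input.
G_HEX = ("04"
         "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
         "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")

# Public key exactly as quoted in the post above.
PAGE_KEY_HEX = ("04"
                "2fe1a23effa55bff461d59a43522d79748981cba6d289a98f1bd7dff656680db"
                "bbfdbc2bae607e6ef772f576b04d54c4e5f32f596f26e61115c7272cf6ca7594")


def parse_uncompressed(hex_point):
    """Split a SEC1 uncompressed point (0x04 || X || Y) into integers."""
    raw = bytes.fromhex(hex_point)
    if len(raw) != 65:
        raise ValueError("expected 65 bytes, got %d" % len(raw))
    if raw[0] != 0x04:
        raise ValueError("not an uncompressed point (prefix 0x%02x)" % raw[0])
    return int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big")


def is_on_p256(hex_point):
    """True if the point satisfies y^2 = x^3 + ax + b (mod p)."""
    x, y = parse_uncompressed(hex_point)
    if x >= P or y >= P:
        return False  # coordinates must be reduced field elements
    return (y * y - (x * x * x + A * x + B)) % P == 0


if __name__ == "__main__":
    print("generator on curve:", is_on_p256(G_HEX))
    print("quoted key on curve:", is_on_p256(PAGE_KEY_HEX))
```

If this check passes for a key that a library still rejects, the problem is more likely in how the certificate or key structure is being parsed than in the point itself.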