Hi,
I'm trying to generate a CSR, following the instructions in
https://www.yubico.com/wp-content/uploa ... s_v1.0.pdf.
I generated a key before, using the YubiKey PIV Manager GUI thingy. I then used both the GUI and the yubico-piv-tool (1.0.1) to export a pubkey:
Code:
yubico-piv-tool -a read-certificate -s 9c -o testkey.crt
OpenSSL happily parses the testkey.crt with -inform pem. However, yubico-piv-tool refuses to load the pubkey when trying to create a CSR:
Code:
$ yubico-piv-tool -a verify-pin -P 123456 -s 9c -a request-certificate -S "/CN=testkey/O=testorg/" -i testkey.crt -o testkey.csr --verbose=9
using reader 'Yubico Yubikey NEO OTP+U2F+CCID 00 00' matching 'Yubikey'.
> 00 a4 04 00 05 a0 00 00 03 08
< 61 11 4f 06 00 00 10 00 01 00 79 07 4f 05 a0 00 00 03 08 90 00
Action 'verify-pin' does not need authentication.
Action 'request-certificate' does not need authentication.
Now processing for action 'verify-pin'.
> 00 20 00 80 08 31 32 33 34 35 36 ff ff
< 90 00
Successfully verified PIN.
Now processing for action 'request-certificate'.
Failed loading public key for request.
I peeked into the yubico-piv-tool sources, but don't see an immediate reason why loading the pubkey would fail. Any clues?