Using Yubico tokens
Prerequisites
Install Yubico PIV tool version 2.4.0 or higher in the default directory.
For Windows: C:\Program Files\Yubico\Yubico PIV Tool\
For macOS: /usr/local/ (User should have no option to choose)
Install YubiKey Manager version 1.2.3 or higher in the default directory.
For Windows: C:\Program Files\Yubico\YubiKey Manager\
For macOS: /Applications/YubiKey Manager.app/ (User should have no option to choose)
Install YubiKey Smart Card Minidriver version 4.6.3.252 or higher for Windows only.
Note
DigiCert provides the above third-party URLs as a convenient way to find the required software and installation instructions. While DigiCert strives to identify reputable third-party sources as a convenience to our customers, we are not responsible for and make no representations about the content or availability of any third-party URLs.
Initialize your Yubico token
To initialize your Yubico token, you need to set:
User PIN
User PUK
Management Key → This needs to be additionally protected by User PIN.
On Yubi Manager while setting Management Key and user needs to select the Protect with PIN checkbox.
Latest Yubico tokens might give you an option to select Algorithm while you Set/Change your Management Key. Select Algorithm as TDES and proceed.
Note
For certificates enrolled on Yubico tokens, if your application is not displaying these certificates, try removing and reinserting the token.
Restriction
Yubico tokens cannot import Certificate Authorities (CA) because each slot is limited to storing one certificate.