Supported hardware tokens
The following hardware tokens are formally qualified by DigiCert:
SafeNet/Gemalto eToken 5100, 5110
Yubico Yubikey NFC 5
Nota
Other hardware tokens may work. However, they are not formally qualified by DigiCert.
SafeNet and Yubico tokens require you to install their corresponding driver software before using the token. The following resources may be useful during this installation process:
Yubico PIV Tool (prerequisite for using Yubikey)
Yubico-PIV-tools: Version 2.4.0 required
YubiKey Manager: Version 1.2.3 or higher required
Note: DigiCert provides the above third-party URLs as a convenient way to find required software and installation instructions. While DigiCert strives to identify reputable third-party sources as a convenience to our customers, we are not responsible for and make no representations about the content or availability of any third-party URLs.
Initialize your Yubico token
To initialize your Yubico token, you need to set:
User PIN
User PUK
Management Key → This needs to be additionally protected by User PIN.
On Yubi Manager while setting Management Key and user needs to select the Protect with PIN checkbox.
Latest Yubico tokens might give you an option to select Algorithm while you Set/Change your Management Key. Select Algorithm as TDES and proceed.