Using Yubico tokens
Prerequisites
Install Yubico PIV tool version 2.4.0 or higher in the default directory.
For Windows: C:\Program Files\Yubico\Yubico PIV Tool\
For macOS: /usr/local/ (User should have no option to choose)
Install YubiKey Manager version 1.2.3 or higher in the default directory.
For Windows: C:\Program Files\Yubico\YubiKey Manager\
For macOS: /Applications/YubiKey Manager.app/ (User should have no option to choose)
Install YubiKey Smart Card Minidriver version 4.6.3.252 or higher for Windows only.
You must initialize your token. Follow the instructions provided in Initialize your Yubico token.
Note
DigiCert provides third-party URLs on this page as a convenient resource for accessing required software and installation instructions. While we strive to recommend reputable third-party sources, DigiCert is not responsible for, nor can we guarantee, the content or availability of these URLs.
Initialize your Yubico token
To initialize your Yubico token, you need to set:
User PIN
User PUK
Management Key → This needs to be additionally protected by User PIN.
On Yubi Manager while setting Management Key and user needs to select the Protect with PIN checkbox.
Latest Yubico tokens might give you an option to select Algorithm while you Set/Change your Management Key. Select Algorithm as TDES and proceed.
Note
For certificates enrolled on Yubico tokens, if your application is not displaying these certificates, try removing and reinserting the token.
Restrictions
Yubico tokens cannot import Certificate Authorities (CA) because each slot is limited to storing one certificate.
When a certificate is deleted from DigiCert® Trust Assistant, the private key associated with the certificate will not be removed from the token. The same restriction applies when using YubiKey Manager.
When the Yubico token is used by the operating system or other third-party applications, it may lose connection with DigiCert® Trust Assistant. Refer to the troubleshooting steps in the next section to resolve the issue.
Troubleshooting
For detailed troubleshooting information, see the section on Yubico tokens in Troubleshooting.