Skip to main content

Using Yubico tokens

Prerequisites

  • Install Yubico PIV tool version 2.4.0 or higher in the default directory.

    • For Windows: C:\Program Files\Yubico\Yubico PIV Tool\

    • For macOS: /usr/local/ (User should have no option to choose)

  • Install YubiKey Manager version 1.2.3 or higher in the default directory.

    • For Windows: C:\Program Files\Yubico\YubiKey Manager\

    • For macOS: /Applications/YubiKey Manager.app/ (User should have no option to choose)

Note

DigiCert provides third-party URLs on this page as a convenient resource for accessing required software and installation instructions. While we strive to recommend reputable third-party sources, DigiCert is not responsible for, nor can we guarantee, the content or availability of these URLs.

Initialize your Yubico token

To initialize your Yubico token, you need to set:

  • User PIN

  • User PUK

  • Management Key → This needs to be additionally protected by User PIN.

On Yubi Manager while setting Management Key and user needs to select the Protect with PIN checkbox.

Yubico1.png

Latest Yubico tokens might give you an option to select Algorithm while you Set/Change your Management Key. Select Algorithm as TDES and proceed.

Yubico2.png

Note

For certificates enrolled on Yubico tokens, if your application is not displaying these certificates, try removing and reinserting the token.

Restrictions

  • Yubico tokens cannot import Certificate Authorities (CA) because each slot is limited to storing one certificate.

  • When a certificate is deleted from DigiCert​​®​​ Trust Assistant, the private key associated with the certificate will not be removed from the token. The same restriction applies when using YubiKey Manager.

    Yubico_Restriction.png
  • When the Yubico token is used by the operating system or other third-party applications, it may lose connection with DigiCert​​®​​ Trust Assistant. Refer to the troubleshooting steps in the next section to resolve the issue.

Troubleshooting

For detailed troubleshooting information, see the section on Yubico tokens in Troubleshooting.