move to .txt for consistency
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
Request and load a certificate from Windows CA
|
||||
----------------------------------------------
|
||||
|
||||
This is a short step-by-step on how to generate a key in the Neo,
|
||||
create a certificate request, submit that request to a Windows CA
|
||||
and then load the certificate in the Neo.
|
||||
|
||||
Prerequisites
|
||||
-------------
|
||||
|
||||
* a YubiKey Neo with the PIV applet loaded
|
||||
* the yubico-piv-tool software
|
||||
* credentials to request certs from a Windows CA
|
||||
|
||||
Steps
|
||||
-----
|
||||
|
||||
1. Generate the key:
|
||||
|
||||
yubico-piv-tool -s 9a -a generate -o public.pem
|
||||
|
||||
2. Request a certificate:
|
||||
|
||||
yubico-piv-tool -a verify-pin -P 123456 -s 9a -a request-certificate \
|
||||
-S "/CN=example/O=test/" -i public.pem -o request.csr
|
||||
|
||||
3. Submit the request to the Windows CA:
|
||||
(this step must be run on a windows machine that know about the CA)
|
||||
|
||||
certreq -submit -attrib "CertificateTemplate:User" request.csr cert.crt
|
||||
|
||||
4. Load the certificate in the Neo:
|
||||
|
||||
yubico-piv-tool -s 9a -a import-certificate -i cert.crt
|
||||
|
||||
5. For it to be useful in windows a chuid must be set as well:
|
||||
(only if that wasn't done earlier)
|
||||
|
||||
yubico-piv-tool -a set-chuid
|
||||
Reference in New Issue
Block a user