From 1f5fa49ba314139f4b47b638e1c1fa736ef5dc87 Mon Sep 17 00:00:00 2001 From: Oscar Date: Tue, 28 Jun 2016 17:07:10 -0700 Subject: [PATCH 1/3] Supplying --key at the generate command Supply the management key value during generate key if it has ever been modified --- doc/Windows_certificate.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Windows_certificate.adoc b/doc/Windows_certificate.adoc index a25fd64..192929e 100644 --- a/doc/Windows_certificate.adoc +++ b/doc/Windows_certificate.adoc @@ -18,6 +18,7 @@ Steps 1. Generate the key: yubico-piv-tool -s 9a -a generate -o public.pem + (if the management key has been modified, also, supply --key at the end like: yubico-piv-tool -s 9a -a generate -o public.pem --key) 2. Request a certificate: From 2325734150d08109b45a4dede3f4ad57ca222530 Mon Sep 17 00:00:00 2001 From: Oscar Date: Tue, 28 Jun 2016 17:30:56 -0700 Subject: [PATCH 2/3] Update Windows_certificate.adoc --- doc/Windows_certificate.adoc | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/doc/Windows_certificate.adoc b/doc/Windows_certificate.adoc index 192929e..ea58125 100644 --- a/doc/Windows_certificate.adoc +++ b/doc/Windows_certificate.adoc @@ -16,9 +16,10 @@ Steps ----- 1. Generate the key: - - yubico-piv-tool -s 9a -a generate -o public.pem - (if the management key has been modified, also, supply --key at the end like: yubico-piv-tool -s 9a -a generate -o public.pem --key) + (--key[=STRING] is needed if the management key value is not the default value) + + yubico-piv-tool -s 9a -a generate -o public.pem --key[=STRING] + 2. Request a certificate: @@ -31,10 +32,12 @@ Steps certreq -submit -attrib "CertificateTemplate:User" request.csr cert.crt 4. Load the certificate in the: + (--key[=STRING] is needed if the management key value is not the default value) - yubico-piv-tool -s 9a -a import-certificate -i cert.crt + yubico-piv-tool -s 9a -a import-certificate -i cert.crt --key[=STRING] 5. For it to be useful in windows a chuid must be set as well: (only if that wasn't done earlier) + (--key[=STRING] is needed if the management key value is not the default value) - yubico-piv-tool -a set-chuid + yubico-piv-tool -a set-chuid --key[=STRING] From 45ca5e3ecbc89171a4a200421069a608a166774a Mon Sep 17 00:00:00 2001 From: Oscar Date: Tue, 28 Jun 2016 17:39:11 -0700 Subject: [PATCH 3/3] Update Windows_certificate.adoc --- doc/Windows_certificate.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/Windows_certificate.adoc b/doc/Windows_certificate.adoc index ea58125..ffdf6d2 100644 --- a/doc/Windows_certificate.adoc +++ b/doc/Windows_certificate.adoc @@ -16,7 +16,7 @@ Steps ----- 1. Generate the key: - (--key[=STRING] is needed if the management key value is not the default value) + (--key[=STRING] is needed if the management key value is no longer the default value) yubico-piv-tool -s 9a -a generate -o public.pem --key[=STRING] @@ -38,6 +38,6 @@ Steps 5. For it to be useful in windows a chuid must be set as well: (only if that wasn't done earlier) - (--key[=STRING] is needed if the management key value is not the default value) + (--key[=STRING] is needed if the management key value is no longer the default value) yubico-piv-tool -a set-chuid --key[=STRING]