Prerequisites
- YubiKey that supports PIV (e.g. YubiKey 4)
- YubiKey Manager
- VNC Server configured for Certificate Authentication
- X.509 certificate, e.g. provisioned by Active Directory Certificate Services (ADCS)
Set up the YubiKey
If you have not used your YubiKey before, or would like to reset everything to start over, start with the First Time Setup section.
Otherwise, if you have a configured YubiKey and want to update/replace the certificates stored on the YubiKey, please skip to the Configuring Certificates section.
First Time Setup
Factory reset
- Open YubiKey Manager
- Click Applications, PIV
- Click Reset PIV
- When prompted, click Yes to confirm the reset
Set a PIN
- Open YubiKey Manager
- Click Applications, PIV
- Click Configure PINs
- Click Change PIN
- Tick Use default
- Enter and confirm the PIN you would like to use (this must be between 6 and 8 characters)
- Click Change PIN
Set a Management Key
- Open YubiKey Manager
- Click Applications, PIV
- Click Configure PINs
- Click Change Management Key
- Tick Use default and Protect with PIN
- Click Generate
- Click Finish
- Enter your PIN and click OK
Set a PUK
- Open YubiKey Manager
- Click Applications, PIV
- Click Configure PINs
- Click Change PUK
- Tick Use default
- Enter and confirm the PUK you would like to use (this must be between 6 and 8 characters)
- Click Change PUK
Configuring Certificates
Obtain a certificate
Please see "Create a suitable X.509 certificate for the VNC Viewer user".
Import a user certificate to the YubiKey
The steps below can be used instead of "Provision the device with the certificate".
- Open YubiKey Manager
- Click Applications, PIV
- Click Configure Certificates
- Click Authentication (Slot 9a)
- Click Import
- Browse to the location of your certificate and select the exported file. If the certificate was exported with a password, you will be prompted to enter the password you used for the export.
- Enter your YubiKey PIN
- The certificate will be imported
- Unplug the YubiKey and plug it back in to make the certificate ready for use
Connect to VNC Server
- Connect to a VNC Server that has been configured to use Certificate Authentication.
- VNC Viewer will automatically detect the certificate on your YubiKey. You will be prompted to enter the PIN for your YubiKey to use the certificate.
- You're connected!