How do I use a YubiKey to connect to a VNC Server using Certificate authentication?


Prerequisites

Set up the YubiKey

If you have not used your YubiKey before, or would like to reset everything to start over, start with the First Time Setup section.

Otherwise, if you have a configured YubiKey and want to update/replace the certificates stored on the YubiKey, please skip to the Configuring Certificates section.

First Time Setup

Factory reset

  1. Open YubiKey Manager
  2. Click Applications, PIV
  3. Click Reset PIV
  4. When prompted, click Yes to confirm the reset

Set a PIN

  1. Open YubiKey Manager
  2. Click Applications, PIV
  3. Click Configure PINs
  4. Click Change PIN
  5. Tick Use default
  6. Enter and confirm the PIN you would like to use (this must be between 6 and 8 characters)
  7. Click Change PIN

Set a Management Key

  1. Open YubiKey Manager
  2. Click Applications, PIV
  3. Click Configure PINs
  4. Click Change Management Key
  5. Tick Use default and Protect with PIN
  6. Click Generate
  7. Click Finish
  8. Enter your PIN and click OK

Set a PUK

  1. Open YubiKey Manager
  2. Click Applications, PIV
  3. Click Configure PINs
  4. Click Change PUK
  5. Tick Use default
  6. Enter and confirm the PUK you would like to use (this must be between 6 and 8 characters)
  7. Click Change PUK

Configuring Certificates

Obtain a certificate

Please see "Create a suitable X.509 certificate for the VNC Viewer user".

Import a user certificate to the YubiKey

The steps below can be used instead of "Provision the device with the certificate".

  1. Open YubiKey Manager
  2. Click Applications, PIV
  3. Click Configure Certificates
  4. Click Authentication (Slot 9a)
  5. Click Import
  6. Browse to the location of your certificate and select the exported file. If the certificate was exported with a password, you will be prompted to enter the password you used for the export.
  7. Enter your YubiKey PIN
  8. The certificate will be imported
  9. Unplug the YubiKey and plug it back in to make the certificate ready for use

Connect to VNC Server

  1. Connect to a VNC Server that has been configured to use Certificate Authentication
  2. VNC Viewer will automatically detect the certificate on your YubiKey. You will be prompted to enter the PIN for your YubiKey to use the certificate
  3. You're connected!