Now that you’ve received a new YubiKey FIPS token with your EV Code Signing certificate in the mail, you may be wondering just what to do next. This FAQ answers common questions you may have about how to get started with your new certificate and USB token.
To sign files with your EV Code Signing certificate, simply plug the token into your computer, follow your software’s steps for signing code, and enter your YubiKey PIN. For instructions on using Microsoft SignTool with your EV Code Signing certificate, please refer to this how-to: Using Your Code-Signing Certificate.
Signing kernel-mode and user-mode drivers in Windows 10 requires registration with the Windows Hardware Dev Center program. After you sign your driver with your EV certificate, it must be submitted to the Hardware Dev Center for signing by Microsoft. For complete information, please refer to Microsoft’s documentation:
• Kernel-Mode Code Signing Requirements
• Get started with the hardware dashboard program
• Register for the Hardware Program
Yes! To generate generate key pairs and manage certificates on your YubiKey with Windows, macOS, and Linux computers, you can use Yubico’s YubiKey Manager application. The upcoming 3.0 release of SSL.com’s SSL Manager will give Windows users the ability to securely generate key pairs, order EV Code Signing and Business Identity certificates, and install certificates directly on their YubiKey from the application.
Currently, all users wishing to install EV Code Signing and Business Identity certificates on their YubiKey should follow the instructions in the SSL.com how-to, Key Generation and Attestation with Yubikey.