SSL.com’s document signing and client authentication certificates are delivered on a secure YubiKey FIPS USB hardware token. To protect our customers’ information against the possible loss of their YubiKey, these certificates offer email signing but cannot be used for encryption or decryption. However, your certificate bundle includes a credit for a decryption-enabled S/MIME certificate that may be installed in your YubiKey for convenience.
The instructions illustrate how you can easily generate and import a PFX file with an encryption-enabled S/MIME certificate and private key into the Key Management slot (9d) of your YubiKey with the YubiKey Manager application. These procedures were documented on macOS Mojave but are also applicable to the Windows and Linux versions of YubiKey Manager.
Step 1: Generate and Download S/MIME Certificate and Private Key
Your certificate bundle includes an additional credit for an SSL.com S/MIME certificate. After ordering and validation, you will receive an email message with an activation link. Click the link.
Click the Generate Certificate button to generate a new certificate signing request (CSR), certificate, and private key.
Text fields containing the new CSR, certificate, and private key will appear.
Create a password of 6 characters or more, then click the Download button.
- Your new certificate and private key are now ready for installation on your YubiKey.
Step 2: Import Certificate and Private Key into YubiKey
Download and install the correct version of Yubikey Manager for your OS (Windows, macOS, or Linux).
Launch YubiKey Manager and insert your YubiKey into a USB port on your computer. YubiKey Manager will display information about your YubiKey.
Navigate to Applications > PIV in YubiKey Manager.
Click the Configure Certificates button.
Select the Key Management tab.
Click the Import button.
Navigate to the location of your PFX file and click the Import button. The filename will end in
Enter the password you created for the PFX file and click OK.
Enter the YubiKey management key and click OK. (Contact Support@SSL.com for your management key.)
You’re all done! YubiKey Manager should now show that the certificate and key are installed on the device.