Most secure installations will contain administrator login keys on an external token rather than storing them as soft key stores on the local machine. YubiKey adds a physical layer of security to EJBCA's certificate-based authentication for administrators. Generating and storing keys on the device protects against software-based attacks like malware and keyloggers.
In this tutorial, you will learn how to set up secure login with a YubiKey on MacOS and use it to log in to the EJBCA CA UI. For more information on Yubico, see www.yubico.com.
💡 This tutorial shows the configuration steps on MacOS. For Windows, see • Secure Login with Yubi... .
📚 The tutorial covers these steps:
3:32 Create Key Pair on YubiKey
6:24 Enroll the YubiKey to EJBCA
7:05 Import Certificate to YubiKey
2:32 Configure Firefox to use YubiKey
7:26 Configure Access Rights in EJBCA
💡 Prerequisites
Before you begin, you need:
A running EJBCA instance with an active Certificate Authority (CA) with the appropriate profiles to issue client certificates, and an authentication certificate to log in to EJBCA as an RA Admin to issue certificates. To get started, see • Get started with EJBCA... .
The OpenSC PKCS#11 implementation, see OpenSC.
The YubiKey Manager, either YubiKey Manager UI or Yubikey Manager CLI.
A compatible browser, Firefox or Chrome is recommended.
Download
EJBCA on Docker Hub: hub.docker.com...
EJBCA on GitHub: github.com/Key...
Documentation
Full tutorial:
docs.keyfactor...
ℹ️ About the Keyfactor Community
As a pioneer in open-source cryptography, PKI, and signing, Keyfactor offers Bouncy Castle cryptographic APIs, the open-source certificate authority software EJBCA Community, and the open-source signing software SignServer Community. Join the Keyfactor Community, a hub for engineers, developers, and security experts seeking relevant solutions for cryptography, certificates, PKI, and signing while prototyping or testing their products and applications. The Keyfactor Community is a part of Keyfactor. Read more on www.keyfactor.....
🔗 For more information:
Visit the website: www.ejbca.org/
Sign up for our newsletter: www.ejbca.org/...
Follow us on X (Twitter): / keyfactorcomm
15 окт 2024