Certificates: PIV

Add and manage certificates

To add a certificate to one of the PIV application slots, do the following:

  1. Plug your YubiKey into your device, click the menu icon in the upper left corner of the app, and select Certificates.

    To connect via NFC on desktop, click the NFC icon in Yubico Authenticator and place your YubiKey on top of a desktop NFC reader. The key must maintain constant contact with the reader throughout the operation.

    _images/certificates.jpg

  2. Select a slot and click Import file under Actions.

    To find the Actions menu in a narrow app window, click the three dots in the upper right corner of the app.

  3. Enter the PIV management key when prompted and click Unlock.

  4. Select the certificate file on your device and click Choose (or similar).

Manage the PIN, PUK, and Management Key

For YubiKey Bio Series Multi-protocol Edition keys, the FIDO2 application and the PIV application share a PIN. Therefore, performing the “Change PIN” action on the Passkeys, Fingerprints, or Certificates screen modifies the same credential.

To change the PIN, do the following:

  1. Plug your YubiKey into your device, click the menu icon in the upper left corner of the app, and select Certificates.

    To connect via NFC on desktop, click the NFC icon in Yubico Authenticator and place your YubiKey on top of a desktop NFC reader. The key must maintain constant contact with the reader throughout the operation.

  2. Select Change PIN under Manage.

    To find the Manage menu in a narrow app window, click the three dots in the upper right corner of the app.

  3. Enter your current PIN.

  4. Enter a new PIN.

    Note

    PIN requirements depend on your YubiKey’s model, firmware version, and PIN complexity enforcement.

  5. Enter the new PIN again to confirm and click Save.

    _images/change-piv-pin.jpg