1. Home
  2. /
  3. Secure Login with YubiKey to EJBCA PKI

Secure Login with YubiKey to EJBCA PKI

In most secure installations, administrator login keys are stored on an external token, such as YubiKey, rather than in soft key stores on the local machine. 

hero-sub-2
Yubico Logo Small (PNG)

YubiKey provides an additional physical layer of security

EJBCA requires certificate-based authentication for administrators. YubiKey provides an additional physical layer of security. Since the keys are generated and stored on the device, they are less vulnerable to software-based attacks such as malware or keyloggers that can compromise keys stored on the local machine.

How to get started

These are the steps to install and get going with Yubico's YubiKey and EJBCA. For more detailed information, follow the tutorial video or our documentation.

  • Create Key Pair on YubiKey
  • Enroll the YubiKey to EJBCA
  • Import Certificate to YubiKey
  • Configure Firefox to use YubiKey
  • Configure Access Rights in EJBCA

Tutorial for Windows users

Tutorial for MacOS users

Prerequisites

To get going, you need to have the following installed on your workstation:

The tutorial has been developed using Firefox and YubiKey Manager on macOS.

Documentation

Tutorials/documentation

Documentation

Check out the supplementary documentation that goes hand-in-hand with our tutorial video. 

Docker Hub

Get your hands on the EJBCA Docker container by downloading it now from Docker Hub.

YouTube

Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.

Discuss

You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.