EV Code Signing Certificate: Install the Certificate

Install the YubiKey Minidriver

• download the latest Yubikey Minidriver (Windows x86 Installer)
• run the command line:

msiexec /i YubiKey-Minidriver-{version}-x64.msi INSTALL_LEGACY_NODE=1 /quiet

Import the certificate onto the YubiKey NFC FIPS

• open YubiKey Manager and go to "Applications", then click "PIV"
• from there, select the "Configure Certificates" option
• choose the tab corresponding to the YubiKey slot where the key pair was generated e.g. Authentication (Slot 9a)
• in the next step, click on the "Import" button and choose the certificate file e.g. user.crt
• access the management key for your YubiKey, if prompted (use default). Now, click "OK"
  • your YubiKey's Default management key is 010203040506070801020304050607080102030405060708
  • your YubiKey's Default PIN is 123456
• your YubiKey will now have the new EV code signing certificate installed there

Import the YubiKey certificate into the Windows Certificate Manager

• run the command line:

certutil -scinfo

• enter YubiKey PIN e.g. 123456
• when the certificate list dialog shows, click "Click here to view certificate properties"
• in the certificate dialog, click "Install Certificate..."
• choose Store Location "Current User", click "Next"
• choose "Automatically select the certificate store based on the type of certificate", click "Next"
• click "Finish"