Creating yubikey SSH and TLS certificates Recently yubikeys were shown to have a hardware flaw in the way the generated private keys. This affects the use of them to provide PIV identies or SSH keys. However, you can generate the keys externally, and load them to the key to prevent this issue. SSH First, we'll create a new NSS DB on an airgapped secure machine (with disk encryption or in memory storage!) certutil -N -d . -f pwdfile.txt Now into this, we'll create a self-signed cert valid for ...
