With SES 9.0 SR4 comes the token key file protection that supports 256-bit ECC certificates on PIV (YubiKeys) To set this up please follow below steps
- Download new SES Server 9.0 SR4 Build 4 and onwards
- Use SES installer to update current SES
- In SES, go to user profile, select “YubiKey ECC Token” from list and upload certificate
- To enable certificate expiration check in SecureDoc Profile->Edit Manually in [SDSpace] section add new line "Enable_Certificate_Expiration_Check=1"
- On client computer navigate to C:\Windows\System32 and replace the following dlls. libcrypto-1_1-x64.dll, libykpiv and libykpiv.dll. The DLL files can be found on https://developers.yubico.com/yubico-piv-tool/Releases/ (yubico-piv-tool\bin)
- make sure the following options are not checked:
- Ask user to switch from password to token protection" in SecureDoc Profile->General Options->Hardware Authentication.
- Smart Card + Password protection; ..." in SecureDoc Profile->Boot Configuration.
- create package and install on client
- Login to Preboot and SDCC with Password of YubiKey to confirm
Internal Reference SD-44245