It was never supported to begin with by IE and Safari. Key Pinning was deprecated in 2017, and was removed entirely from Chrome and Firefox in Nov.
It was frequently misconfigured by site owners, plus in the event of a site compromise, attackers could maliciously pin a cert that the site owner didn't control.
It was frequently also known as Key Pinning, since it was actually the public key hash that got saved.īut in practice, Key Pinning turned out to cause more problems than it solved. You can also find answers to many common support questions in our knowledgebase.Typically certificates are validated by checking the signature hierarchy M圜ert is signed by IntermediateCert which is signed by RootCert, and RootCert is listed in my computer's "certificates to trust" store.Ĭertificate Pinning was where you ignore that whole thing, and say trust this certificate only or perhaps trust only certificates signed by this certificate, ignoring all the other root CAs that could otherwise be trust anchors. If you have any additional questions, please contact us by email at call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. If you get an error message the first time you attempt to sign a document after setting up your YubiKey, we suggest restarting Acrobat before trying again. You’re all ready to start signing PDFs! Please refer to this how-to for general instructions for signing documents in Acrobat and Acrobat Reader. If you also wish to use the certificate to certify PDFs, open the menu again and select Use for Certifying as well (both items will be shown as checked when you are finished).Ĭlick the Close button to close the settings window, then the OK button to close the Acrobat preferences.
Select Use for Signing from the Usage Options drop-down menu. You can see that this certificate is intended for document signing in Acrobat from the information shown under Intended usage when the certificate is selected. Select YubiKey PIV # from the left-hand pane, then select the certificate you want to use for signing.
(Note that the Login button may not appear until you roll your mouse off of PKCS#11 PIV Library.)Įnter your YubiKey PIN in the Password field, then click the OK button. If your token shows a status of Logged out, click Login.
After you have entered the path, click the OK button.Ĭlick the > symbol to the left of PKCS#11 Modules and Tokens, then click PKCS#11 PIV Library. (Replace YOUR-USERNAME with your actual macOS username). Since in this example we installed it in our home directory, the path will be entered as /Users/YOUR-USERNAME/yubico-piv-tool-2.0.0-mac/lib/libykcs11.dylib. Select PKCS#11 Modules and Tokens in the left-hand pane, then click Attach Module.Įnter the path to /lib/libykcs11.dylib in the downloaded PIV tool folder. Select Signatures from the left-hand Categories pane, then click the More… button under Identities & Trusted Certificates.
Open Acrobat Pro or Acrobat Reader, then open the application preferences from the menu. Unzip the PIV tool folder and put it somewhere you will remember it (like your macOS home directory). Navigate to the Yubico PIV tool releases page and download the most recent version for macOS.
Before you can start using a YubiKey-installed Business Identity certificate to sign PDFs with Adobe Acrobat or Acrobat Reader on macOS, you will need to install and configure Yubico’s PKCS#11 module so that Acrobat can communicate with your YubiKey FIPS token.