by johntash
519 days ago
> ... For a Yubikey to act as a poor man's HSM you have to store the PIN in plaintext on the disk. ...

I haven't read the article fully yet, but it's not a bad idea to store the Root CA on the yubikey, and then generate a separate intermediate CA that is not stored on the yubikey. This way, all your day-to-day certs are issued using the intermediate and you only need to touch the root CA if you need to re-issue/revoke/etc. the intermediate.