I have paired my Yubikey with my mac. Pin has replaced my system password.
I want to check the certificate expiry date in Jamf Inventory. I do not see the concerned certificate in Jamf inventory/computer/certificates !! I do not see the Yubikey certificate in my keychain either !!
Any idea where the cert is stored ? How make it visible in Jamf ?
Use something like Smart Card Utility from the App Store to see the certificate(s) on the Yubikey, it will also show you when they expire. I had to obtain 2 of the certs listed from our Cyber team to push to devices via a Config Profile, and I do see those in the inventory report for my machine in Certificates.
You wont be able to see any of the yubikey information in jamf unless you build some sort of EA to read the certificate. The certs are on the yubikey, not the device. They're only available when you have the yubikey plugged in. And like @Jason33 said, it requires some tool like Smart Card Utility.
You can use AD CS Connector to get cert from MMC to the key ( not validated but should work).
We are using virtual Cirix access to get the cert (manual steps for user that requires pin/login pwd).
Big Big Issue:
How can you help user to login to his session if his smartcard is blocked and he forgot his PIN code? !!!
Yubico has created Yubico mini driver for windows that can detect if card is locked and will prompt user for PUK. This tools is not created for mac side !!!
What are you planning for that scenario ?
@Eskobar I got the EA Working.
Use the following installer and the following EA:
Current Version at time of this message:
#!/bin/sh if [ -e /usr/local/ykman/ykman ] then Serials=$(/usr/local/ykman/ykman piv info) echo "<result>$Serials</result>" else echo "<result>NotInstalled</result>" fi