Set certificate request properties

This policy setting configures the properties of generated certificates and certificate signing requests.

If you enable this policy setting, the specified values will be used by the YubiKey PIV Manager.

If you disable or do not configure this policy setting, application defaults will be used.

Supported on: At least Windows Vista

Cryptographic algorithm to use for key pair generation:


  1. User-defined
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Yubico\YubiKey PIV Manager
    Value Namealgorithm
    Value TypeREG_DWORD
    Value
  2. RSA-1024
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Yubico\YubiKey PIV Manager
    Value Namealgorithm
    Value TypeREG_SZ
    ValueRSA1024
  3. RSA-2048
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Yubico\YubiKey PIV Manager
    Value Namealgorithm
    Value TypeREG_SZ
    ValueRSA2048
  4. ECC P-256
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Yubico\YubiKey PIV Manager
    Value Namealgorithm
    Value TypeREG_SZ
    ValueECC256
  5. ECC P-384
    Registry HiveHKEY_CURRENT_USER
    Registry PathSoftware\Yubico\YubiKey PIV Manager
    Value Namealgorithm
    Value TypeREG_SZ
    ValueECC384

Subject Distinguished Name:

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Yubico\YubiKey PIV Manager
Value Namesubject
Value TypeREG_SZ
Default Value/CN=%USERNAME%
Certificate template name (for certreq.exe):

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Yubico\YubiKey PIV Manager
Value Namecertreq_template
Value TypeREG_SZ
Default Value

yubikey.admx