Set certificate request properties
This policy setting configures the properties of generated certificates and certificate signing requests.
If you enable this policy setting, the specified values will be used by the YubiKey PIV Manager.
If you disable or do not configure this policy setting, application defaults will be used.
Supported on: At least Windows Vista
Cryptographic algorithm to use for key pair generation:
- User-defined
Registry Hive HKEY_CURRENT_USER Registry Path Software\Yubico\YubiKey PIV Manager Value Name algorithm Value Type REG_DWORD Value - RSA-1024
Registry Hive HKEY_CURRENT_USER Registry Path Software\Yubico\YubiKey PIV Manager Value Name algorithm Value Type REG_SZ Value RSA1024 - RSA-2048
Registry Hive HKEY_CURRENT_USER Registry Path Software\Yubico\YubiKey PIV Manager Value Name algorithm Value Type REG_SZ Value RSA2048 - ECC P-256
Registry Hive HKEY_CURRENT_USER Registry Path Software\Yubico\YubiKey PIV Manager Value Name algorithm Value Type REG_SZ Value ECC256 - ECC P-384
Registry Hive HKEY_CURRENT_USER Registry Path Software\Yubico\YubiKey PIV Manager Value Name algorithm Value Type REG_SZ Value ECC384
Subject Distinguished Name:
| Registry Hive | HKEY_CURRENT_USER |
| Registry Path | Software\Yubico\YubiKey PIV Manager |
| Value Name | subject |
| Value Type | REG_SZ |
| Default Value | /CN=%USERNAME% |
Certificate template name (for certreq.exe):
| Registry Hive | HKEY_CURRENT_USER |
| Registry Path | Software\Yubico\YubiKey PIV Manager |
| Value Name | certreq_template |
| Value Type | REG_SZ |
| Default Value |
yubikey.admx