Time needed: 15 minutes.
A FIPS 140-2 validated security key USB token with an installed SSL.com EV Code Signing or Business Identity certificate will have its PIN blocked after three unsuccessful attempts to enter it. When the PIN is blocked, it is impossible to use your YubiKey to sign code or document files. If this has happened to you, here’s how to reset the PIN and start over.
- Download and Install YubiKey Manager.
YubiKey Manager is Yubico’s configuration tool for Windows, macOS, and Linux. Navigate to the YubiKey Manager download page, download the installer for your OS, and install the software.
- Retrieve your PUK.
Log into your SSL.com user account and retrieve the PIN unlock key (PUK) from the order. For instructions on viewing your YubiKey’s PUK, please refer to this how-to. Note that the PUK is labeled the “Admin PIN” in SSL.com’s user portal.
- Insert YubiKey and launch YubiKey Manager.
Insert the YubiKey into your computer and launch the YubiKey Manager application. YubiKey Manager should display your YubiKey’s model and serial number.
- Select the PIV application.
Select Applications > PIV from the YubiKey menu.
- Click the “Configure PINs” button.
Click the Configure PINs button, located under the PIN Management heading.
- Click Unblock PIN button.
YubiKey Manager will let you know if the PIN is blocked. Click the Unblock PIN button.
- Enter PUK and new PIN.
Enter your PUK, then create and confirm a new PIN of at least 7 characters. When you are finished, click the Unblock PIN button.
Your PIN is now unblocked and you can go back to signing files. Note that the Unblock PIN button has changed to Change PIN.