Time needed: 20 minutes.
Before you can start using a YubiKey-installed Business Identity certificate to sign PDFs with Adobe Acrobat or Acrobat Reader on macOS, you will need to install and configure Yubico's PKCS#11 module so that Acrobat can communicate with your FIPS 140-2 validated security key USB token. This how-to will guide you through the process.
- Download the Yubico PIV tool for macOS.
Navigate to the Yubico PIV tool releases page and download the most recent version for macOS. The filename will end with mac.zip.
- Unzip PIV tool.
Unzip the PIV tool folder and put it somewhere you will remember it (like your macOS home directory).
- Open Acrobat preferences.
Open Acrobat Pro or Acrobat Reader, then open the application preferences from the menu.
- Navigate to Identities & Trusted Certificates.
Select Signatures from the left-hand Categories pane, then click the More... button under Identities & Trusted Certificates.
- Attach module.
Select PKCS#11 Modules and Tokens in the left-hand pane, then click Attach Module.
- Enter module path.
Enter the path to /lib/libykcs11.dylib in the downloaded PIV tool folder. Since in this example we installed it in our home directory, the path will be entered as /Users/YOUR-USERNAME/yubico-piv-tool-2.0.0-mac/lib/libykcs11.dylib. (Replace YOUR-USERNAME with your actual macOS username). After you have entered the path, click the OK button.
- Login to YubiKey.
Click the > symbol to the left of PKCS#11 Modules and Tokens, then click PKCS#11 PIV Library. If your token shows a status of Logged out, click Login. (Note that the Login button may not appear until you roll your mouse off of PKCS#11 PIV Library.)
- Enter PIN.
Enter your YubiKey PIN in the Password field, then click the OK button.
- Select certificate.
Select YubiKey PIV #[serial number] from the left-hand pane, then select the certificate you want to use for signing. You can see that this certificate is intended for document signing in Acrobat from the information shown under Intended usage when the certificate is selected.
- Set certificate usages.
Select Use for Signing from the Usage Options drop-down menu. If you also wish to use the certificate to certify PDFs, open the menu again and select Use for Certifying as well (both items will be shown as checked when you are finished).
- Close preferences.
Click the Close button to close the settings window, then the OK button to close the Acrobat preferences.
- Start signing documents.
You're all ready to start signing PDFs! Please refer to this how-to for general instructions for signing documents in Acrobat and Acrobat Reader. If you get an error message the first time you attempt to sign a document after setting up your YubiKey, we suggest restarting Acrobat before trying again. If you have any additional questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.