See https://openvpn.net/community-resources ... Did%20name
--pkcs11-id name
Specify the serialized certificate id to be used. The id can be gotten by the standalone --show-pkcs11-ids option.
My id looks like this:
Code:
C:\Program Files\OpenVPN\bin>openvpn --show-pkcs11-ids "C:/Program Files/OpenSC Project/OpenSC/pkcs11/opensc-pkcs11.dll"
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: CN=client-xps15
Serial: 7D66AF960CFDF15F027551BF48844D4D
Serialized id: pkcs11:model=PKCS%2315%20emulated;token=GIDS%20card%20%28UserPIN%29;manufacturer=www.mysmartlogon.com;serial=8ef553487aadf787;id=
However I have both tried
Convert the PKCS11 ID manually if using OpenVPN v2.4.8 - the ID generated differs from what OpenVPN actually wants when looking for the certificate.
Example: My ID looks like this: pkcs11:model=PKCS%2315%20emulated;token=am;manufacturer=piv_II;serial=12a3e4556598765e;id=%01
What OpenVPN wants is this: piv_II/PKCS\x2315\x20emulated/12a3e4556598765e/am/01
The conversion can be done by replacing/copying information from the serialized id string to the “what OpenVPN wants” string. As we can see the value of the token, the serial and the id are copied.
Code:
pkcs11-id 'pkcs11:model=PKCS%2315%20emulated;token=GIDS%20card%20%28UserPIN%29;manufacturer=www.mysmartlogon.com;serial=8ef553487aadf787;id='
Code:
pkcs11-id 'www.mysmartlogon.com/PKCS\x2315\x20emulated/8ef553487aadf787/GIDS%20card%20%28UserPIN%29/'
Code:
Wed Feb 03 11:00:19 2021 PKCS#11: Cannot deserialize id 19-'CKR_ATTRIBUTE_VALUE_INVALID'
Wed Feb 03 11:00:19 2021 Cannot load certificate
What is the proper conversion format for pkcs11-id?
What is the correct value for me?
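The conversion rule quoted in the post, written out as an added example (not part of the original post, and not OpenVPN or pkcs11-helper code); it generalizes the single quoted example to any serialized id. Assumptions: the field order manufacturer/model/serial/token/id is read off that example, every %NN escape in a text field becomes \xNN unchanged, the id is written as uppercase hex, and the function names are hypothetical.

```python
import re

# Field order of the older slash-separated form, read off the example in the post.
LEGACY_ORDER = ("manufacturer", "model", "serial", "token")
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")

def parse_pkcs11_uri(uri):
    """Split 'pkcs11:k=v;k=v' into a dict of still percent-encoded values."""
    scheme, sep, path = uri.partition(":")
    if scheme != "pkcs11" or not sep:
        raise ValueError("not a pkcs11: URI")
    attrs = {}
    for part in filter(None, path.split(";")):
        key, eq, value = part.partition("=")
        if not eq or key in attrs:
            raise ValueError(f"bad or duplicate attribute: {part!r}")
        attrs[key] = value
    return attrs

def id_to_hex(value):
    """The id is binary: percent-decode it to bytes, then hex-encode them."""
    if "%" in _PCT.sub("", value):
        raise ValueError("malformed percent-escape in id")
    raw = _PCT.sub(lambda m: chr(int(m.group(1), 16)), value)
    return raw.encode("latin-1").hex().upper()

def to_legacy(uri):
    """Build manufacturer/model/serial/token/id from a pkcs11: URI."""
    attrs = parse_pkcs11_uri(uri)
    missing = [k for k in LEGACY_ORDER + ("id",) if k not in attrs]
    if missing:
        raise ValueError("missing attributes: " + ", ".join(missing))
    fields = []
    for key in LEGACY_ORDER:
        value = attrs[key]
        # A raw separator or stray '%' would make the result ambiguous.
        if "/" in value or "\\" in value or "%" in _PCT.sub("", value):
            raise ValueError(f"unescaped character in {key}")
        # Assumption: every %NN escape maps one-to-one onto \xNN.
        fields.append(_PCT.sub(r"\\x\1", value))
    fields.append(id_to_hex(attrs["id"]))
    return "/".join(fields)

# Both inputs are the serialized ids quoted in the post.
POST_EXAMPLE = "pkcs11:model=PKCS%2315%20emulated;token=am;manufacturer=piv_II;serial=12a3e4556598765e;id=%01"
POSTER_ID = "pkcs11:model=PKCS%2315%20emulated;token=GIDS%20card%20%28UserPIN%29;manufacturer=www.mysmartlogon.com;serial=8ef553487aadf787;id="

if __name__ == "__main__":
    for uri in (POST_EXAMPLE, POSTER_ID):
        print(to_legacy(uri))
```

For the second input the id attribute is empty, so the converted string ends in a bare slash with no id after it.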