I'd like to use OpenVPN with my YubiKey.
I've created certificates using EasyRSA, converted them to PKCS#12 format and imported them on the YubiKey. Running openvpn.exe --show-pkcs11-ids "C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll" gives me this output:
Code:
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: C=DE, ST=XXXXXXXX, L=XXXXXXXX, O=XXXXXXXX, OU=XXXXXXXX, CN=XXXXXXXX, emailAddress=XXXXXXXX
Serial: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
Serialized id: pkcs11:model=PKCS%2315%20emulated;token=XXXXXXXX;manufacturer=piv_II;serial=YYYYYYYYYYY;id=%01
Code:
pkcs11-providers "C:\\Program Files\\OpenSC Project\\OpenSC\\pkcs11\\opensc-pkcs11.dll"
pkcs11-id 'pkcs11:model=PKCS%2315%20emulated;token=XXXXXXXX;manufacturer=piv_II;serial=YYYYYYYYYYY;id=%01'
Code:
OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Windows version 6.2 (Windows 8 or greater) 64bit
library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Need hold release from management interface, waiting...
MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
MANAGEMENT: CMD 'state on'
MANAGEMENT: CMD 'log all on'
MANAGEMENT: CMD 'echo all on'
MANAGEMENT: CMD 'bytecount 5'
MANAGEMENT: CMD 'hold off'
MANAGEMENT: CMD 'hold release'
PKCS#11: Adding PKCS#11 provider 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll'
PKCS#11: Cannot deserialize id 19-'CKR_ATTRIBUTE_VALUE_INVALID'
Cannot load certificate "pkcs11:model=PKCS%2315%20emulated;token=XXXXXXXX;manufacturer=piv_II;serial=YYYYYYYYYYY;id=%01" using PKCS#11 interface
SIGUSR1[soft,private-key-password-failure] received, process restarting
Thanks a lot for any help.
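Added example, not part of the original post: the serialized id above has the shape of an RFC 7512 `pkcs11:` URI, and this sketch decodes it into its attributes so the value passed to `pkcs11-id` can be compared field by field with what `--show-pkcs11-ids` printed. The names `parse_pkcs11_id` and `diff_ids` are hypothetical helpers, and the sample value reuses the post's redacted placeholders.

```python
from urllib.parse import unquote_to_bytes

# Path attribute names defined by RFC 7512 (vendor-specific names are rejected here).
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "library-manufacturer",
              "library-description", "library-version", "object", "type", "id",
              "slot-description", "slot-manufacturer", "slot-id"}

# Serialized id as printed in the post; placeholders (XXXXXXXX, YYYYYYYYYYY) kept as-is.
LISTED = ("pkcs11:model=PKCS%2315%20emulated;token=XXXXXXXX;"
          "manufacturer=piv_II;serial=YYYYYYYYYYY;id=%01")

def parse_pkcs11_id(value):
    """Decode a pkcs11: URI into {attribute: value}; 'id' stays raw bytes."""
    value = value.strip().strip("'\"")              # drop config-file quoting
    if not value.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    path = value[len("pkcs11:"):].split("?", 1)[0]  # query attributes are ignored
    attrs = {}
    for part in filter(None, path.split(";")):
        name, sep, raw = part.partition("=")
        if not sep or name not in PATH_ATTRS:
            raise ValueError(f"unknown or malformed attribute: {part!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute: {name}")
        data = unquote_to_bytes(raw)                # undo %XX escapes
        attrs[name] = data if name == "id" else data.decode("utf-8")
    return attrs

def diff_ids(listed, configured):
    """Return {attribute: (listed, configured)} for every attribute that differs."""
    a, b = parse_pkcs11_id(listed), parse_pkcs11_id(configured)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for name, val in parse_pkcs11_id(LISTED).items():
        print(f"{name:13} {val!r}")
    print(diff_ids(LISTED, "'" + LISTED + "'") or "config value matches listing")
```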