Tested with OpenVPN v2.4.3 64-bit on Windows 10 Pro build 1703.
This article assumes that you already have a working OpenVPN server that uses X.509 certificates, i.e. that you have a CA infrastructure in place and that you can login to OpenVPN using your X.509 certificate.
- Download and install OpenVPN
- Download and install OpenSC
- (Optional) If you haven’t installed the VPN certificate on your Yubikey, download and install YubiKey Manager. I have placed my VPN certificate in the Authentication slot.
- Insert your Yubikey containing your VPN certificate into your computer.
- Run the following command to get your serialized id:
openvpn --show-pkcs11-ids path\to\opensc-pkcs11.dll
- Get the “Serialized id” from the certificate that you want to use together with OpenVPN.
- Edit your OpenVPN client configuration file that points to your certificate and key and replace it with key/values for PKCS11.
- Comment out:
pkcs11-id 'serialized id from --show-pkcs11-ids'
- Try to connect with the OpenVPN client, if everything works a dialog box should pop up asking you for your PIN-code.