# OpenVPN client on Windows with Yubikey and OpenSC

## OpenVPN+Yubikey+OpenSC

Tested with OpenVPN v2.4.8 64-bit on Windows 10 Pro build 1909.

This article assumes that you already have a working OpenVPN server that uses X.509 certificates, i.e. that you have a CA infrastructure in place and that you can login to OpenVPN using your X.509 certificate.

3. (Optional) If you haven’t installed the VPN certificate on your Yubikey, download and install YubiKey Manager. I have placed my VPN certificate in the Authentication slot.
openvpn --show-pkcs11-ids path\to\opensc-pkcs11.dll
7. Example: My ID looks like this: pkcs11:model=PKCS%2315%20emulated;token=am;manufacturer=piv_II;serial=12a3e4556598765e;id=%01
8. What OpenVPN wants is this: piv_II/PKCS\x2315\x20emulated/12a3e4556598765e/am/01
• The conversion can be done by replacing/copying information from the serialized id string to the “what OpenVPN wants” string. As we can see the value of the token, the serial and the id are copied.
cert and key
pkcs11-providers path\to\opensc-pkcs11.dll
pkcs11-id 'serialized id from --show-pkcs11-ids'