Extra security – hardware tokens, smart cards, and PKCS#11
In this section, we will provide some background information on cryptographic hardware devices. You will learn how to generate a private key on a hardware token, and how to copy the associated X.509 certificate to the token as well. After that, we will discuss how OpenVPN can find and use this certificate/private key pair to establish a VPN connection.
Starting with Version 2.1, OpenVPN supports two-factor authentication by providing PKCS#11 support. Two-factor authentication is based on the idea that in order to use a system (like a VPN) you need to provide two things:
- Something you know, for example, a password
- Something you possess, for example, a smart card or hardware ...