O'Reilly logo

Mastering OpenVPN by Jan Just Keijser, Eric F Crist

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Extra security – hardware tokens, smart cards, and PKCS#11

In this section, we will provide some background information on cryptographic hardware devices. You will learn how to generate a private key on a hardware token, and how to copy the associated X.509 certificate to the token as well. After that, we will discuss how OpenVPN can find and use this certificate/private key pair to establish a VPN connection.

Background information

Starting with Version 2.1, OpenVPN supports two-factor authentication by providing PKCS#11 support. Two-factor authentication is based on the idea that in order to use a system (like a VPN) you need to provide two things:

  • Something you know, for example, a password
  • Something you possess, for example, a smart card or hardware ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required