Extra security – hardware tokens, smart cards, and PKCS#11
In this section, we will provide some background information on cryptographic hardware devices. You will learn how to generate a private key on a hardware token, and how to copy the associated X.509 certificate to the token as well. After that, we will discuss how OpenVPN can find and use this certificate/private key pair to establish a VPN connection.
Background information
Starting with Version 2.1, OpenVPN supports two-factor authentication by providing PKCS#11 support. Two-factor authentication is based on the idea that in order to use a system (like a VPN) you need to provide two things:
- Something you know, for example, a password
- Something you possess, for example, a smart card or hardware ...
Get Mastering OpenVPN now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.