Linux OpenVPN Client

Show the slots/certificates


han@plup:~$ sudo openvpn --show-pkcs11-ids /usr/lib/opensc-pkcs11.so
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 1D45062F038F45B0
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32
Certificate
DN: /CN=Henrik Andreasson/O=Gazonk/C=SE
Serial: 17A2FDBCC4004BDA
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/63313436396164362D363138322D343933302D393236622D6561396163636536
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 02FA9DD5264D52A2
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/239DE190AC0EC55E3EA85FBB216806465FB8E04E
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 73441CA4B462246C
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 02FA9DD5264D52A2
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28signature\x29/239DE190AC0EC55E3EA85FBB216806465FB8E04E

Put this in the client config (pkcs11-id is the Serialized id of the certificate to use, in single quotes)

pkcs11-providers /usr/lib/opensc-pkcs11.so
pkcs11-id 'SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32'

Start the client


han@plup:~$ sudo openvpn --config /etc/openvpn/openvpn_client_with_pkcs11_support.conf
Wed Nov 19 22:59:40 2008 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Wed Nov 19 22:59:40 2008 PKCS#11: Adding PKCS#11 provider '/usr/lib/opensc-pkcs11.so'
NEED-OK|token-insertion-request|Please insert ToLiMa Card P1 (identification) token:^C
Enter ToLiMa Card P1 (identification) token Password:
Wed Nov 19 22:59:56 2008 Initialization Sequence Completed
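
Added example (not part of the original page or of OpenVPN): a Python check that parses the --show-pkcs11-ids listing, decodes a Serialized id into its parts, and reports ids shared by more than one certificate, as happens for serials 1D45062F038F45B0 and 73441CA4B462246C above. The field names and the three-entry sample are assumptions constructed from that listing.

```python
import re
from collections import defaultdict

# Constructed sample: three entries copied from the listing above.
SAMPLE = r"""Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 1D45062F038F45B0
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 02FA9DD5264D52A2
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/239DE190AC0EC55E3EA85FBB216806465FB8E04E
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 73441CA4B462246C
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32
"""

# Field names are assumptions read off the layout of the ids above.
FIELDS = ("manufacturer", "model", "token_serial", "label", "object_id")
ESC = re.compile(r"\\x([0-9A-Fa-f]{2})")  # matches one hex escape such as \x20

def decode_id(serialized):
    """Split a Serialized id on '/' and undo the hex escapes in each field."""
    parts = serialized.split("/")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {f: ESC.sub(lambda m: chr(int(m.group(1), 16)), p) for f, p in zip(FIELDS, parts)}

def parse_listing(text):
    """Return one dict per 'Certificate' block, keyed by DN / Serial / Serialized id."""
    entries = []
    for line in text.splitlines():
        if line.strip() == "Certificate":
            entries.append({})
        elif entries and ": " in line:  # header lines before the first block are skipped
            key, value = line.strip().split(": ", 1)
            entries[-1][key] = value
    return entries

def ambiguous_ids(entries):
    """Map each Serialized id shared by several certificates to their serials."""
    by_id = defaultdict(set)
    for e in entries:
        by_id[e["Serialized id"]].add(e["Serial"])
    return {i: sorted(s) for i, s in by_id.items() if len(s) > 1}

if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    print([decode_id(e["Serialized id"])["label"] for e in entries], ambiguous_ids(entries))
```

When an id is reported as shared, compare the Serial values with the certificate the VPN server expects before settling on a pkcs11-id.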

Attachment: openvpn_client_with_pkcs11_support.conf (2.56 KB)