Before we can configure OpenVPN to make use of the hardware token, we must first determine what the hardware token ID is. This hardware token ID looks quite complicated at first, hence a separate recipe is included for this purpose.
Keep the hardware token from the previous recipe at hand. Install OpenVPN 2.1. In this recipe, the computer used was running Fedora 12 Linux, pcsc-lite 1.5.2, opensc-0.11.12, PKI Client 5.00, and OpenVPN 2.1.1.
Use the following command to list the PKCS#11 IDs that are available to OpenVPN:
$ openvpn --show-pkcs11-ids /usr/lib64/libeTPkcs11.so
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: /C=NL/O=Cookbook/CN=openvpnclient1/…
Serial: 02
Serialized id: Aladdin\x20Ltd\x2E/eToken/001a01a9/Cookbook/20100703