Authenticating with Certificate on eToken or Smartcard

Preparation

  1. Put the client certificate and the client private key on the eToken or smartcard.
  2. Optional: Put the CA certificate on the eToken or smartcard.
  3. In Setup, go to Security > Smartcard > PC/SC.
  4. Enable Activate PC/SC Daemon.
  5. In Setup, go to Security > Smartcard > Middleware.
  6. Activate the matching PKCS#11 module for your eToken / smartcard.

Configuration

  1. In Setup, go to Network > VPN > OpenVPN and create a new connection.
  2. In the Session section for the new connection, enter the name or public IP address of the OpenVPN Server.
  3. Select Certificate on eToken or Smartcard as the Authentication Type.
  4. Select the Location of CA certificate:
  5. Optional: If there is more than one certificate on the eToken or smartcard, the following fields can be used to match the desired certificate:
    1. Client certificate CN or DN: Enter the client certificate Common Name (CN), its Distinguished Name (DN) or parts thereof.
    2. The PKCS#11 token label or OpenVPN Serialized ID may also be used.
  6. Click an icon for the newly created session (e.g. in the Start Menu) to initiate the connection.

    The user will be prompted for the PIN of the eToken (alphanumeric) or smartcard (digits only) if necessary.

    Authenticating With Certificate on eToken or Smartcard