Yubico Forum

I use my Yubikeys NEO with the personal certificate PKCS installed in the PIV applet. I use also a VPN client (Foticlient from Fortigate) to acces to my corporate network.

I have the problem that the VPN client ask me many times the PIN, because make serveral conection stages.

The question is: is posible make PIN caching (time configurable if possible) to avoid the annoyance and ask me the PIN the first time only in each connection? (I work with Windows 7/64 b)

Thanks in advance.

I suspect that the key used for this authentication is Digital Signature key. I think PIV standard forbids using that key without a PIN (i.e. one must re-enter PIN every time this private key is used).

If your VPN client would allow PIN caching and would pass your PIN to NEO every time it's needed - that's up to the client. But I don't think there's a way (or even should be a way) to tell NEO to stop asking for PIN for this key.

Another possibility is to use one of the other keys (the card allows 4 keys in the PIV applet). Probably PIV Auth or Card Auth key would do...

Thanks a lot, mouse008

I instaled my certificate in the slot 9a (PIV Authentication) and the VPN-SSL client ask me the PIN only in the initial stage of the connection process.

Bests regards.