Comment 10 for bug 2004676

This is the last step in that libp11 dep8 test[1] that we need: generate the certificate request:

echo "With openssl engine, generate a certificate request with the RSA key in the softhsm2 token"
OPENSSL_CONF="${ssl_cnf}" openssl \
    req -engine pkcs11 -new -key "${URI};object=test-key;pin-value=${PIN}" \
    -keyform engine -out ${req_pem} -text -x509 -subj "/${SUBJECT}"

Then we need to go back to the openvpn ca (presumably created with easy-rsa), sign this request, and the resulting signed cert is what has to be used in the openvpn client. And then see what openvpn does with it.

1. https://git.launchpad.net/ubuntu/+source/libp11/tree/debian/tests/engine?h=applied/ubuntu/devel