Using Yubikey with OpenVPN clients connecting to OpenVPN server running on Turris

Hi everyone. I am trying to setup Turris as OpenVPN server and have my users connecting via OpenVPN clients authenticated with Yubikeys.

This will be a process and I want to get there step by step - no need to explain that my current setup is not perfect because of having to import keys manually, etc. Baby steps, please.

However, my current limitation is that the default CA on Turris uses 4096b RSA keys and I need to downgrade it do 2048b keys (no real difference for all intents and purposes). Yubikey (and most off the shelf tokens) cannot handle 4096b and have HW limit of 2048b keys.

I need to confirm whether adjusting the /etc/cagen/openssl.cnf and re-generating the ca will do the trick. I was not able to find any relevant configuration elsewhere.

TIA :).