Hi,
On 20/05/21 21:49, tincantech via Openvpn-devel wrote:
Hi,
again, I do not understand why openvpn chose to switch to .pem
for this tutorial. PEM -> Private Email, which this is not.
You have a certificate and a key and every other openvpn tutorial
on openvpn and probably the entire planet uses .crt and .key.
This seems to be a poor decision in my opinion.
pem as extension for keys is pretty common and specifies more the
encoding than the type. E.g. there is also the der encoding.
Arne
I accept the principle but openvpn *only* uses PEM-enc, that I know of.
So, why switch to .pem when it has never been used before by openvpn?
If you are all happy to let it go that way then so-be-it,
Hopefully this clarifies things:
- the default output format of OpenSSL is PEM-encoded; openssl uses the
default extension .pem
- the OpenVPN .crt and .key files are ALSO PEM-encoded by default, but
they've just been named differently by the easy-rsa tools to ensure that
the files can be easily loaded on Windows
- FTR: nearly all webservers I have ever seen are configured to use a
hostcert.pem and hostkey.pem and my guess is that there are (still)
more Linux-based webservers out there than OpenVPN clients and servers.
Having said that, I do agree that after using .crt/.key files left and
right (to accommodate Windows users) for over 15 years, it does seem
confusing to start using files named .pem for peer-fingerprinting all
of a sudden. On the other hand, with peer-fingerprinting you don't
*HAVE* a .crt file (at least, you don't need one, technically) but only
a .key file. So choosing a different extension for peer-fingerprinting
does have its merits.
HTH,
JJK
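
An added example, not part of the thread or of OpenVPN: a small Python check that reports what a file actually contains (PEM armor label or raw DER) from its bytes alone, ignoring whether it is named .pem, .crt or .key. The names `describe` and `armor` are hypothetical, and the 5-byte payload is a constructed ASN.1 SEQUENCE, not a real key or certificate.

```python
import base64
import binascii
import re

# RFC 7468 textual encoding: BEGIN/END lines carry a label, base64 in between.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

# Constructed sample: SEQUENCE { INTEGER 1 } in DER. Not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def armor(label: bytes, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor with the given label."""
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (
        label, base64.encodebytes(der), label)


def describe(data: bytes):
    """Return (encoding, label, decoded_length) for each object in data.

    The file name is never consulted: only the bytes decide.
    """
    found = []
    for label, body in PEM_BLOCK.findall(data):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            continue  # armor present but payload is not valid base64
        found.append(("PEM", label.decode("ascii"), len(der)))
    if found:
        return found
    # No armor: a DER-encoded key or certificate starts with a SEQUENCE tag.
    if data[:1] == b"\x30":
        return [("DER", "unlabelled", len(data))]
    return []


if __name__ == "__main__":
    # The same bytes under three hypothetical file names.
    combined = armor(b"PRIVATE KEY", SAMPLE_DER) + armor(b"CERTIFICATE", SAMPLE_DER)
    for name, content in [("server.crt", armor(b"CERTIFICATE", SAMPLE_DER)),
                          ("server.pem", combined),
                          ("server.der", SAMPLE_DER)]:
        print(name, describe(content))
```
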