‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, 20 May 2021 22:05, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi,
>
> On 20/05/21 21:49, tincantech via Openvpn-devel wrote:
>
> > > > Hi,
> > > > again, I do not understand why openvpn choose to switch to .pem
> > > > for this tutorial.  PEM -> Private Email, which this is not.
> > > > You have a certificate and a key and every other openvpn tutorial
> > > > on openvpn and probably the entire planet uses .crt and .key.
> > > > This seems to be a poor decision in my opinion.
> > > > pem as extension for keys is pretty common and specifies more the
> > > > encoding than the type. E.g. there is also the der encoding.
> > >
> > > Arne
> > > I accept the principle but openvpn only uses PEM-enc, that I know of.
> >
> > So, why switch to .pem when it has never been used before by openvpn?
> > If you are all happy to let it go that way then so-be-it,
>
> Hopefully this clarifies things:
>
> -   the default output format of OpenSSL is PEM-encoded; openssl uses the
>     default extension .pem
>
> -   the OpenVPN .crt and .key files are ALSO PEM-encoded by default, but
>     they've just been named differently by the easy-rsa tools to ensure that
>     the files can be easily loaded on Windows
>
> -   FTR: nearly all webservers I have ever seen are configured to use a
>     hostcert.pem and hostkey.pem and my guess is that there are (still)
>     more Linux-based webservers out there than OpenVPN clients and servers.
>
>     Having said that, I do agree that after using .crt/.key files left and
>     right (to accommodate Windows users) for over 15 years, it does seem
>     confusing to start using files named .pem for peer-fingerprinting all
>     of a sudden. On the other hand, with peer-fingerprinting you don't
>     HAVE a .crt file (at least, you don't need one, technically) but only
>     a .key file. So choosing a different extension for peer-fingerprinting
>     does have its merits.

FTR: Openvpn still exchanges the full certificates in peer-fingerprint mode.


>
>     HTH,
>
>     JJK
>
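
The distinction discussed in this thread (.crt/.key/.pem are file names, PEM and DER are encodings) shown as an added example that is not from the thread or from the OpenVPN project: it detects the encoding from the content alone and computes a SHA-256 fingerprint over the DER bytes, so the same object yields the same fingerprint under any extension. The function names, file names and sample bytes are constructed for illustration; the sample is not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def to_der(blob):
    """Return (encoding, label, der_bytes) from file content; the file name is never consulted."""
    m = PEM_RE.search(blob)
    if m:
        # PEM is base64 of the DER bytes between BEGIN/END armor lines.
        body = b"".join(m.group(2).split())
        return "PEM", m.group(1).decode("ascii"), base64.b64decode(body, validate=True)
    if blob[:1] == b"\x30":
        # Raw DER: an X.509 certificate starts with an ASN.1 SEQUENCE tag.
        return "DER", None, blob
    raise ValueError("content is neither PEM-armored nor a DER SEQUENCE")

def sha256_fingerprint(blob):
    """SHA-256 over the DER bytes as colon-separated upper-case hex."""
    digest = hashlib.sha256(to_der(blob)[2]).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pem_wrap(der, label="CERTIFICATE"):
    """Armor DER bytes as PEM with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n".encode("ascii")

# Constructed sample: a SEQUENCE header plus filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

# Hypothetical file names: same object, three names, two encodings.
SAMPLE_FILES = {
    "server.crt": pem_wrap(SAMPLE_DER),
    "server.pem": pem_wrap(SAMPLE_DER),
    "server.der": SAMPLE_DER,
}

def describe(files):
    """Map each file name to (detected encoding, fingerprint)."""
    return {name: (to_der(data)[0], sha256_fingerprint(data)) for name, data in files.items()}

if __name__ == "__main__":
    for name, (enc, fp) in describe(SAMPLE_FILES).items():
        print(f"{name:12} {enc}  {fp}")
```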




_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel