I was reading up a little on OpenVPN and PKI infra and am confused by some of the questions posed by my colleague. :)
This answer did help me understand more: http://security.stackexchange.com/a/12369/66224
But I am still stuck with some questions. Searching hasn't helped much.
1.1. In the OpenVPN with PKI process, we create the CA first, which gives us the ca.crt and ca.key; more importantly, we get a dh2048.pem and a crl.pem.
1.2. Then we go about creating files (.keys and .crts) for the entities (here, entity means OpenVPN client or server; basically, a 'client' for the CA).
PKI uses RSA, which is as follows (copied from: http://docs-legacy.fortinet.com/fweb/admin_hlp/5-0-0/index.html#page/FortiWeb_Help/how_to_apply_PKI_client_auth.html):
2.1 n = pq; p,q = big primes
2.2 phi = (p-1)(q-1)
2.3 e < n, such that gcd(e,d) = 1
2.4 d = e^(-1) mod phi
2.5 (n,d) is the private key
2.6 (n,e) is the public key
I see that the ca.crt is a key, dh2048.pem is a key, client.crt is a text and client.key is again a key.
How do these map to the algorithm variables above?
Thanks.
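
An added worked example, not part of the original post: textbook RSA in Python using the symbols from steps 2.1 to 2.6, showing which of those values a .key and a .crt carry. The primes, the dictionary-based "certificate" and all function names are constructed for illustration; real files are PEM-encoded, and a real RSA private key file also stores p, q and e alongside d.

```python
import hashlib
from math import gcd

def rsa_keypair(p, q, e=65537):
    """Textbook RSA using the post's symbols. Returns ((n, e), (n, d))."""
    n = p * q                    # 2.1
    phi = (p - 1) * (q - 1)      # 2.2
    if gcd(e, phi) != 1:         # e must have an inverse modulo phi
        raise ValueError("e is not invertible mod phi")
    d = pow(e, -1, phi)          # 2.4 (needs Python 3.8+)
    return (n, e), (n, d)        # 2.6 public key, 2.5 private key

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == _digest(data, n)

def issue_cert(subject, subject_public, issuer, issuer_private):
    """Toy stand-in for a .crt: subject name, subject (n, e), issuer signature."""
    body = "{}|{}|{}|{}".format(subject, *subject_public, issuer).encode()
    return {"subject": subject, "public": subject_public,
            "issuer": issuer, "body": body, "sig": sign(issuer_private, body)}

def build_pki():
    # Constructed toy primes (Mersenne primes); real keys use large random primes.
    ca_pub, ca_key = rsa_keypair(2**61 - 1, 2**89 - 1)            # ca.key     ~ (n, d)
    client_pub, client_key = rsa_keypair(2**107 - 1, 2**127 - 1)  # client.key ~ (n, d)
    ca_crt = issue_cert("CA", ca_pub, "CA", ca_key)               # self-signed
    client_crt = issue_cert("client", client_pub, "CA", ca_key)   # signed by the CA
    return {"ca.crt": ca_crt, "ca.key": ca_key,
            "client.crt": client_crt, "client.key": client_key}

if __name__ == "__main__":
    pki = build_pki()
    ca_public = pki["ca.crt"]["public"]
    # A peer holding only ca.crt checks the CA signature on client.crt.
    print(verify(ca_public, pki["client.crt"]["body"], pki["client.crt"]["sig"]))
    # dh2048.pem holds Diffie-Hellman parameters (a prime and a generator) and
    # crl.pem is a CA-signed revocation list; neither stores n, e or d.
```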