On 22 Jan 2006 at 18:48, Dan Langille wrote:
> On 22 Jan 2006 at 10:43, Frank Sweetser wrote:
>
> > On Sun, Jan 22, 2006 at 10:08:25AM -0500, Dan Langille wrote:
> > > 22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key:
> > > ERR=error:0906A068:PEM routines:PEM_do_header:bad password read
> >
> > Looks like you left the private key encrypted with a password. You need
> > to remove the password from it. You can do so with the openssl command:
> >
> > openssl rsa -in password.key -out nopassword.key
>
> Thank you. I used the above on bacula.unixathome.org.key to create
> bacula.unixathome.org.nopassword.key. Now when starting bacula-dir,
> I get one less error:
>
> $ sudo /usr/local/sbin/bacula-dir -u bacula -g bacula -v -c
> /usr/local/etc/bacula-dir.conf
> 22-Jan 18:44 bacula-dir: ERROR in tls.c:83 Error loading private key:
> ERR=error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch
> 22-Jan 18:44 bacula-dir: Fatal error: Failed to initialize TLS
> context for Director "bacula-dir" in /usr/local/etc/bacula-dir.conf.
> 22-Jan 18:44 bacula-dir ERROR TERMINATION
> Please correct configuration file: /usr/local/etc/bacula-dir.conf
Well. I tried again. This time from scratch. I got the director
running. In short, the steps[1] I followed were:
1 - Creating a RSA public key pair:
openssl genrsa -des3 -out bacula.unixathome.org.key 1024
2 - Creating a CSR:
openssl req -new -key bacula.unixathome.org.key -out \
bacula.unixathome.org.key.csr
3 - submitted the .csr file to cacert.org (I'm already a member)
4- removed the password (thanks Frank):
openssl rsa -in bacula.unixathome.org.key -out \
bacula.unixathome.org.nopassword.key
5 - Copied the cacert.org root certificate onto my machine:
Now I just have to repeat the process for the other daemons, as
indicated in my start up messages:
Starting the Bacula Storage daemon
22-Jan 19:06 bacula-sd: Fatal error: "TLS Certificate" file not
defined for Storage "polo-sd" in /usr/local/etc/bacula-sd.conf.
22-Jan 19:06 bacula-sd: Fatal error: "TLS Key" file not defined for
Storage "polo-sd" in /usr/local/etc/bacula-sd.conf.
22-Jan 19:06 bacula-sd: Fatal error: Neither "TLS CA Certificate" or
"TLS CA Certificate Dir" are defined for Storage "polo-sd" in
/usr/local/etc/bacula-sd.conf. At least one CA certificate store is
required when using "TLS Verify Peer".
Starting the Bacula File daemon
Starting the Bacula Director daemon
I'm on my way!
[1] - http://www-
uxsup.csx.cam.ac.uk/~jw35/courses/using_https/html/c204.html
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
