Dan Langille wrote:
and bacula-fd.conf:

# List Directors who are permitted to contact this File daemon
#
Director {
 Name = xxxxx-dir
.....

 TLS Require = yes
 TLS Verify Peer = no
    

Shouldn't this be yes? It is for me.

  
Changed to yes, same result...


  
 # Allow only the Director to connect


 TLS Allowed CN = "this.example.cxx"
    

This must be the director. Is it?
  

Put in the director (the hostname, tried with fully qualified as well as the short version) all at once. I got a list with Allowed CNs now...
  
 TLS CA Certificate File = /etc/ssl/certs/cacert.org.pem
 # This is a server certificate. It is used by connecting
 # directors to verify the authenticity of this file daemon

 TLS Certificate = /etc/ssl/xxxxx/cert.pem
 TLS Key = /etc/ssl/xxxxx/key.pem
    

This must be the cert for the director. Is it?
  

I use the same one for all three, and the only thing it checks is the CN, if I have understood things correctly. Which would actually even allow any cert that presents itself with an "Allowed CN" to be admitted...

  
So the director should be able to TLS, and the fd should let the
director in, no?
    

Yes.


Also, do your certs have the passwords removed?

  
    
Good idea!
Removed with
openssl rsa -in key.pem -out new.key
mv new.key key.pem

I really appreciate the help, but still the director shuns TLS =(

