On 8 Mar 2006 at 19:33, Andreas Aronsson wrote:

> 
> 
> Dan Langille wrote: 
> 
>     and bacula-fd.conf:
> 
>     # List Directors who are permitted to contact this File daemon
>     #
>     Director {
>      Name = xxxxx-dir
>     .....
> 
>      TLS Require = yes
>      TLS Verify Peer = no
> 
> 
>     Shouldn't this be yes? It is for me.
> 
> 
> Changed to yes, same result...
> 
>      # Allow only the Director to connect
> 
> 
>      TLS Allowed CN = "this.example.cxx"
> 
> 
>     This must be the director. Is it?
> 
> 
> Put in the director (the hostname, tried with fully qualified as well
> as the short version) all at once. I got a list with Allowed CN's
> now...
> 
> 
>      TLS CA Certificate File = /etc/ssl/certs/cacert.org.pem
>      # This is a server certificate. It is used by connecting
>      # directors to verify the authenticity of this file daemon
> 
>      TLS Certificate = /etc/ssl/xxxxx/cert.pem
>      TLS Key = /etc/ssl/xxxxx/key.pem
> 
> 
>     This must be the cert for the director. Is it?
> 
> 
> I use the same one for all three, and the only thing it checks is the
> CN if I have understood things correctly. Which would actually even
> allow any cert that presents itself with an "Allowed CN" to be admitted...
> 
> 
> 
>     So the director should be able to TLS, and the fd should let the
>     director in, no?
> 
> 
>     Yes.
> 
> 
>     Also, do your certs have the passwords removed?
> 
> 
> 
> 
> Good idea!
> Removed with 
> openssl rsa -in key.pem -out new.key
> mv new.key key.pem
> 
> I really appreciate the help, but still the director shuns TLS =(

Remind me again, what you're doing and the symptoms?  I'm not 
convinced it's the Director.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php




_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
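
An added example, not part of the original messages and not Bacula's own code: a small Python lint for the Director resource quoted in this thread, covering the two points raised (peer verification with TLS Allowed CN, and a key that still has a passphrase). It assumes, following the Bacula TLS documentation, that TLS Allowed CN is only enforced when TLS Verify Peer is enabled; the sample config, the key header and the finding names are constructed for illustration.

```python
import re

# Constructed sample mirroring the Director resource quoted in the thread.
SAMPLE_FD_CONF = """
Director {
  Name = xxxxx-dir
  TLS Require = yes
  TLS Verify Peer = no
  TLS Allowed CN = "this.example.cxx"
  TLS CA Certificate File = /etc/ssl/certs/cacert.org.pem
  TLS Certificate = /etc/ssl/xxxxx/cert.pem
  TLS Key = /etc/ssl/xxxxx/key.pem
}
"""
# Constructed header of a passphrase-protected key (no key material).
SAMPLE_ENCRYPTED_KEY = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"

def parse_director(conf):
    """Return {normalised directive: [values]} for the first Director block."""
    block = re.search(r"Director\s*\{(.*?)\}", conf, re.S)
    directives = {}
    for line in (block.group(1) if block else "").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            name = " ".join(key.lower().split())
            directives.setdefault(name, []).append(value.strip().strip('"'))
    return directives

def key_is_encrypted(pem_text):
    """True if the PEM private key still needs a passphrase to load."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "BEGIN ENCRYPTED PRIVATE KEY" in pem_text)

def lint_director(d, key_pem=""):
    """Return hypothetical finding names for the TLS directives in d."""
    last = lambda name: d.get(name, [""])[-1].lower()
    findings = []
    if last("tls require") != "yes":
        findings.append("tls-not-required")
    if last("tls verify peer") == "no":
        findings.append("peer-not-verified")
        if d.get("tls allowed cn"):  # assumption: ignored without verification
            findings.append("allowed-cn-unused")
    if key_is_encrypted(key_pem):
        findings.append("key-has-passphrase")
    return findings

if __name__ == "__main__":
    print(lint_director(parse_director(SAMPLE_FD_CONF), SAMPLE_ENCRYPTED_KEY))
```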
