Does anybody have any more experience with using multiple certificates in FD?

-- 
Silver

On Monday 30 April 2007 12:15, Silver Salonen wrote:
> On Friday 27 April 2007 14:03, Frank Sweetser wrote:
> > On Fri, Apr 27, 2007 at 10:03:23AM +0300, Silver Salonen wrote:
> > > Hi.
> > > 
> > > Am I wrong if I say that one FD can't communicate with multiple SDs with 
> > > different TLS certificates?
> > > 
> > > As I've understood, there can be only one TLS-configuration for SD (in the
> > > Storage{} resource). For communicating with SD, FD uses TLS configuration
> > > from its Client{} resource, and there can be only one Client{} resource in
> > > FD's configuration. The "TLS CA Certificate File" is always required for the
> > > TLS-client, so it seems that it's not possible to use different
> > > TLS-configurations for different storages, i.e. all the storages (that the FD
> > > communicates with) must use certificates originated from the same CA.
> > 
> > Try concatenating multiple CA files into a single one.
> 
> Hello.
> 
> Did it. But it seems that multiple entries are not supported in "TLS 
> Certificate" and "TLS Key" files. Only the first certificate is taken from 
> there - FD doesn't even start if CRT's and KEY's positions differ in these 
> files (i.e. crt A is on the 1st position in the "TLS Certificate" file and 
> key A is on the 2nd position in the "TLS Key" file).
> 
> But well, according to the manual 
> (http://www.bacula.org/rel-manual/Bacula_TLS_Communication.html) these 
> directives ("TLS Certificate" and "TLS Key") require <Directory> not 
> <Filename>. I guess it's a bug in the manual as I get "ERROR in openssl.c:74 
> Error loading certificate file: ERR=error:0906D06C:PEM 
> routines:PEM_read_bio:no start line" when specifying directory there.
> As I suppose Kern is no longer in the bacula-users list, should I notify him 
> about this directly, or will it be taken care of by some developer? :)
> 
> -- 
> Silver
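
As an added example (not part of the original messages and not Bacula code): a small standard-library check for the PEM files discussed in this thread. It accepts several certificates in a CA file, flags multi-entry "TLS Certificate" / "TLS Key" files per the behaviour reported above, and reports a file with no PEM block, the condition behind the quoted "no start line" error. The role names, function names and sample blocks are assumptions constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, body, END line with the same label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, decoded_length) for each PEM block, in file order."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # Skip RFC 1421 style header lines (e.g. "Proc-Type: 4,ENCRYPTED").
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        blocks.append((label, len(base64.b64decode(b64, validate=True))))
    return blocks

def check(role, text):
    """role: 'ca', 'cert' or 'key' (hypothetical names for the three files)."""
    labels = [label for label, _ in pem_blocks(text)]
    if not labels:
        # The condition OpenSSL reports as "PEM_read_bio:no start line".
        return ["no PEM start line found"]
    want = "PRIVATE KEY" if role == "key" else "CERTIFICATE"
    findings = [f"unexpected block type: {l}" for l in labels if not l.endswith(want)]
    if role != "ca" and len(labels) > 1:
        findings.append(f"{len(labels)} entries; the thread reports only the first is used")
    return findings

def _pem(label, payload):
    # Constructed sample block: the payload is placeholder bytes, not a real DER object.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

CA_BUNDLE = _pem("CERTIFICATE", b"constructed CA A") + _pem("CERTIFICATE", b"constructed CA B")
NOT_PEM = "plain text, as when a directory or wrong path is supplied\n"

if __name__ == "__main__":
    for role, text in [("ca", CA_BUNDLE), ("cert", CA_BUNDLE), ("key", NOT_PEM)]:
        print(role, check(role, text) or "ok")
```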
