What should I do to have libssl.so?

Sébastien

Sébastien Weber wrote:
> ok
>
> # ldd bacula-dir
>     linux-vdso.so.1 => (0x00007fff79dff000)
>     libpython2.5.so.1.0 => /usr/lib/libpython2.5.so.1.0 (0x00007f1a7174f000)
>     libutil.so.1 => /lib/libutil.so.1 (0x00007f1a7154c000)
>     librt.so.1 => /lib/librt.so.1 (0x00007f1a71343000)
>     libsqlite3.so.0 => /usr/lib/libsqlite3.so.0 (0x00007f1a710cd000)
>     libpthread.so.0 => /lib/libpthread.so.0 (0x00007f1a70eb1000)
>     libdl.so.2 => /lib/libdl.so.2 (0x00007f1a70cad000)
>     libwrap.so.0 => /lib/libwrap.so.0 (0x00007f1a70aa4000)
>     libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f1a70798000)
>     libm.so.6 => /lib/libm.so.6 (0x00007f1a70515000)
>     libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f1a702fe000)
>     libc.so.6 => /lib/libc.so.6 (0x00007f1a6ffab000)
>     /lib64/ld-linux-x86-64.so.2 (0x00007f1a71ac4000)
>     libnsl.so.1 => /lib/libnsl.so.1 (0x00007f1a6fd93000)
>
> I don't have libssl.so ><
>
> Sébastien
>
> Arno Lehmann wrote:
>
>> Hi,
>>
>> 22.04.2009 15:26, Sébastien Weber wrote:
>>
>>> Thx for your quick reply.
>>> But I have a certificate from www.cacert.org (the certificate is OK; on
>>> the old server the certificate worked).
>>> When I use it, I get an error message: "Fatal error: TLS required but not
>>> configured in Bacula."
>>> Does Bacula require another package/daemon/... (or just configuration?) to
>>> use a TLS certificate?
>>> Is openssl required just to use a TLS certificate with Bacula?
>>>
>> You probably run a version of Bacula without openssl support (iirc,
>> due to license incompatibilities, some distros don't include ssl
>> support in Bacula).
>>
>> You can verify this by running 'ldd /path/to/bacula-dir'. If you see a
>> reference to libssl, it's a configuration issue. If you don't see that
>> reference, you'll have to use another repository to install, or
>> compile yourself.
>>
>> Here, for example, on a test system I see
>>
>> bac...@gnom:/usr/local/demo-bacula> ldd sbin/bacula-dir | grep ssl
>>     libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7c5e000)
>>
>> Arno
>>
>>> I didn't use "./configure (option)"; I used "apt-get install" to
>>> install Bacula :s
>>> doc: "Appropriate autoconf macros have been added to detect and use
>>> OpenSSL if enabled on the ./configure line with --with-openssl"
>>>
>>> how to become your own Certificate Authority so you can create your own
>>> certificates.
>>> That's good to know, thx :)
>>>
>>> Sébastien
>>>
>>> Maarten Hoogveld wrote:
>>>
>>>> Sorry, accidentally pressed the send button before the mail was
>>>> completed (Now why didn't I look into that gmail undo-send button
>>>> yesterday)
>>>>
>>>> Hi,
>>>>
>>>> I have installed Bacula with "# apt-get install bacula" on Debian Linux.
>>>> My backups work, but they are not secured with TLS...
>>>> When I use TLS, I get the error message:
>>>> "Fatal error: TLS required but not configured in Bacula."
>>>>
>>>> How do I use TLS? Where do I configure TLS with this install?
>>>>
>>>>
>>>> Hi Sébastien,
>>>>
>>>> Check out the Bacula documentation on TLS
>>>> <http://www.bacula.org/en/dev-manual/Bacula_TLS_Communication.html>.
>>>> The example configs are a good start.
>>>> Also check out OpenSSL docs on how to become your own Certificate
>>>> Authority so you can create your own certificates.
>>>> This may take some effort and time if you are unfamiliar with
>>>> certificates. Without the right certificates it will not work.
>>>> OpenSSL has some functionality with which you can check the
>>>> certificates. You can create some sort of server and try to connect to
>>>> it but I don't remember how that works anymore. Google for it.
>>>> It's important to start with the simplest solution (e.g. no TLS) and
>>>> then gradually add some TLS features. (So don't start with the "TLS
>>>> Allowed CN" or something like that.
>>>> Add that when the plain TLS connection works.)
>>>> Also important to understanding what's going on is to figure out what
>>>> connects to what. The part about firewalls
>>>> <http://www.bacula.org/en/rel-manual/Dealing_with_Firewalls.html> in
>>>> the Bacula documentation has a small and useful overview of that. For
>>>> the TLS connection the "client" is the connecting party and the server
>>>> is the party being connected to. Example: When the bacula-dir connects
>>>> to the bacula-fd, the bacula-dir is the client and the bacula-fd is
>>>> the server. (See comments in the example configs in the Director
>>>> resource of the bacula-fd config)
>>>>
>>>> I have created some scripts to create and sign my own certificates
>>>> because I just can't remember the command line options for openssl.
>>>> They are used in a Fedora 6 environment so you may have to change some
>>>> paths to match your setup.
>>>> Before you can use these scripts you need:
>>>> - A proper openssl config file
>>>>   Place the file location in create.sh at the [openssl.cnf] placeholder
>>>> - Your self-signed root-certificate and private key
>>>>   Place them in their placeholders [ca.crt] and [ca.key] in the sign
>>>>   script
>>>> - Check all paths in sign.sh (/etc/pki/CA/ in my installation) and
>>>>   make sure they match your setup.
>>>> (Note: The sign script is not mine, I found it on the internet
>>>> somewhere and don't remember who wrote it so I can't give credit.)
>>>>
>>>>
>>>> Of course this doesn't explain TLS fully but I hope this helps a bit.
>>>>
>>>>
>>>> Regards,
>>>> Maarten Hoogveld
>>>>
>>>>
>>>> *create.sh* A script to create a new key-pair and a cert-sign-request.
>>>>
>>>> #!/bin/bash
>>>> FILE_BASE=$1
>>>> if [ $# -ne 1 ]; then
>>>>     echo "Usage: $0 <base-filename>"
>>>>     echo "  Creates a key-pair and csr (Certificate Signing Request)"
>>>>     echo "  Files created are <base-filename>.key and <base-filename>.csr."
>>>>     exit 1
>>>> fi
>>>>
>>>> # never overwrite an existing private key
>>>> if [ -e "${FILE_BASE}.key" ]; then
>>>>     echo "File ${FILE_BASE}.key already exists."
>>>>     echo "Exiting."
>>>>     exit 1
>>>> fi
>>>>
>>>> # -nodes writes the private key unencrypted
>>>> openssl req -config [openssl.cnf] -new -nodes \
>>>>     -keyout "${FILE_BASE}.key" -out "${FILE_BASE}.csr" -days 730
>>>>
>>>> echo "Done."
>>>>
>>>>
>>>> *sign.sh* A script to sign a sign-request
>>>>
>>>> #!/bin/sh
>>>> # argument line handling
>>>> CSR=$1
>>>> if [ $# -ne 1 ]; then
>>>>     echo "Usage: ${0} <whatever>.csr"; exit 1
>>>> fi
>>>> if [ ! -f "$CSR" ]; then
>>>>     echo "CSR not found: $CSR"; exit 1
>>>> fi
>>>> case $CSR in
>>>>     *.csr ) CERT="`echo "$CSR" | sed -e 's/\.csr$/.crt/'`" ;;
>>>>     * ) CERT="$CSR.crt" ;;
>>>> esac
>>>> # make sure environment exists
>>>> if [ ! -d ca.db.certs ]; then
>>>>     mkdir ca.db.certs
>>>> fi
>>>> if [ ! -f ca.db.serial ]; then
>>>>     echo '01' >ca.db.serial
>>>> fi
>>>> if [ ! -f ca.db.index ]; then
>>>>     cp /dev/null ca.db.index
>>>> fi
>>>> # create an own SSLeay config
>>>> cat > ca.config <<EOT
>>>> [ ca ]
>>>> default_ca = CA_own
>>>> [ CA_own ]
>>>> dir = /etc/pki/CA
>>>> certs = /etc/pki/CA/certs
>>>> new_certs_dir = /etc/pki/CA/ca.db.certs
>>>> database = /etc/pki/CA/ca.db.index
>>>> serial = /etc/pki/CA/ca.db.serial
>>>> RANDFILE = /etc/pki/CA/ca.db.rand
>>>> certificate = /etc/pki/CA/certs/[ca.crt]
>>>> private_key = /etc/pki/CA/private/[ca.key]
>>>> default_days = 730
>>>> default_crl_days = 30
>>>> # MD5-signed certificates are rejected by current TLS libraries
>>>> default_md = sha256
>>>> preserve = no
>>>> policy = policy_anything
>>>> [ policy_anything ]
>>>> countryName = optional
>>>> stateOrProvinceName = optional
>>>> localityName = optional
>>>> organizationName = optional
>>>> organizationalUnitName = optional
>>>> commonName = supplied
>>>> emailAddress = optional
>>>> EOT
>>>> # sign the certificate
>>>> echo "CA signing: $CSR -> $CERT:"
>>>> openssl ca -config ca.config -out "$CERT" -infiles "$CSR"
>>>> echo "CA verifying: $CERT <-> CA cert"
>>>> openssl verify -CAfile /etc/pki/CA/certs/[ca.crt] "$CERT"
>>>> # cleanup after SSLeay
>>>> /bin/rm -f ca.config
>>>> /bin/rm -f ca.db.serial.old
>>>> /bin/rm -f ca.db.index.old
>>>> # die gracefully
>>>> exit 0
>>>>
>>>>
>>>> *export.sh* A script to tidy up the files and put them into separate
>>>> folders for archival
>>>>
>>>> #!/bin/bash
>>>> FILE_BASE=$1
>>>> if [ $# -ne 1 ]; then
>>>>     echo "Usage: $0 <base-filename>"
>>>>     echo "  If <base-filename>.key and <base-filename>.crt exist:"
>>>>     echo "  <base-filename>.key will be moved to ./export/private"
>>>>     echo "  <base-filename>.crt will be moved to ./export/certs"
>>>>     echo "  <base-filename>.csr will be deleted if it exists"
>>>>     exit 1
>>>> fi
>>>>
>>>> if [ ! -e "${FILE_BASE}.key" ]; then
>>>>     echo "File ${FILE_BASE}.key does not exist!"
>>>>     exit 1
>>>> fi
>>>>
>>>> if [ ! -e "${FILE_BASE}.crt" ]; then
>>>>     echo "File ${FILE_BASE}.crt does not exist!"
>>>>     exit 1
>>>> fi
>>>>
>>>> if [ ! -d export/certs ]; then
>>>>     echo "Destination ./export/certs does not exist. Please create this directory and try again."
>>>>     exit 1
>>>> fi
>>>> if [ ! -d export/private ]; then
>>>>     echo "Destination ./export/private does not exist. Please create this directory and try again."
>>>>     exit 1
>>>> fi
>>>>
>>>> # the private key ends up readable by its owner only
>>>> mv "${FILE_BASE}.key" export/private
>>>> chmod 0400 "export/private/${FILE_BASE}.key"
>>>>
>>>> mv "${FILE_BASE}.crt" export/certs
>>>>
>>>> if [ -e "${FILE_BASE}.csr" ]; then
>>>>     rm "${FILE_BASE}.csr"
>>>> fi
>>>>
>>>> echo "Done."
>>>>
>>> _______________________________________________
>>> Bacula-users mailing list
>>> Bacula-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bacula-users
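
The scripts quoted above assume that a self-signed root certificate and key already exist. As an added example (not part of the thread and not Maarten's scripts), the following builds a throwaway CA, issues a certificate with `openssl x509 -req` instead of `openssl ca`, and checks that verification succeeds against the signing CA and fails against an unrelated one. The names `demo-ca`, `other-ca` and `bacula-fd.example.test` are constructed, and a default `openssl.cnf` is assumed to be installed.

```sh
#!/bin/sh
# Added example. demo-ca, other-ca and bacula-fd.example.test are constructed names.

# make_ca DIR NAME: self-signed root certificate NAME.crt with key NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 730 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
        chmod 0400 "$1/$2.key"
}

# make_csr DIR CN: private key CN.key and signing request CN.csr for one daemon
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
        chmod 0400 "$1/$2.key"
}

# sign_csr DIR CA CN: sign CN.csr with the CA key, using a SHA-256 digest
sign_csr() {
    openssl x509 -req -sha256 -days 730 -in "$1/$3.csr" \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# verify_cert CAFILE CERT: succeeds only if openssl reports "CERT: OK"
verify_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# sig_alg CERT: print the signature algorithm recorded in the certificate
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# demo: run the whole flow in a temporary directory and report each check
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" demo-ca && make_ca "$d" other-ca &&
        make_csr "$d" bacula-fd.example.test &&
        sign_csr "$d" demo-ca bacula-fd.example.test || { rm -rf "$d"; return 1; }
    verify_cert "$d/demo-ca.crt" "$d/bacula-fd.example.test.crt" && echo "signing CA: OK"
    verify_cert "$d/other-ca.crt" "$d/bacula-fd.example.test.crt" || echo "other CA: rejected"
    echo "digest: $(sig_alg "$d/bacula-fd.example.test.crt")"
    rm -rf "$d"
}

demo
```

`verify_cert` matches on the `: OK` line rather than on the exit status, because older OpenSSL releases exit 0 from `openssl verify` even when verification fails.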