Take a look here: http://www.bacula.org/en/dev-manual/Bacula_TLS_Communication.html (search for "Self-signed Certificate"). I'm not sure if "TLS Verify Peer" would work in your situation (since CA = Your-Server?). However, if everything else is right (bacula-sd?), I guess it should work if you create your own CA somewhere else and sign your certificates yourself. Bacula is working well with SSL (even if you would not pay for signing certificates) ;)

Greetings,
user100

On 16.03.2010 02:08, Lamp Zy wrote:
> I have bacula-5.0.1 compiled with openssl support and installed on
> CentOS5.4(32bit).
>
> All bacula daemons run on the same server - director, storage and file
> daemon. I can successfully backup local files and directories.
>
> The problem is when I try to set up tls encryption (at some point I'll
> backup systems over the network). The error I'm getting is:
> ERR=18:self signed certificate
>
> In bacula-dir.conf:
> ----
> Client {
>   Name = backupserver.domain.com-fd
>   Address = backupserver.domain.com
>   ...
>   # Request encrypted communication with the client
>   TLS Enable = yes
>   TLS Require = yes
>   TLS CA Certificate File = /etc/pki/tls/certs/cert.pem
>   TLS Certificate = /etc/pki/tls/certs/backupserver.domain.com.crt
>   TLS Key = /etc/pki/tls/certs/backupserver.domain.com.key
> }
>
> In bacula-fd.conf:
> ----
> Director {
>   Name = backupserver.domain.com-dir
>   ...
>   # Request encrypted communication with the server
>   TLS Enable = yes
>   TLS Require = yes
>   TLS Verify Peer = yes
>   TLS Allowed CN = "backupserver.domain.com"
>   TLS CA Certificate File = /etc/pki/tls/certs/cert.pem
>   TLS Certificate = /etc/pki/tls/certs/backupserver.domain.com.crt
>   TLS Key = /etc/pki/tls/certs/backupserver.domain.com.key
> }
>
> Here is the full message on the console:
> ----
> 15-Mar 16:47 backupserver.domain.com-dir JobId 0: Error: tls.c:92 Error
> with certificate at depth: 0, issuer = /C=US/ST=California/L=San
> Diego/O=MyORG/OU=DEP/CN=backupserver.domain.com/emailaddress=someem...@address,
> subject = /C=US/ST=California/L=San
> Diego/O=UCSD/OU=CSE/CN=backupserver.domain.com/emailaddress=someem...@address,
> ERR=18:self signed certificate
> 15-Mar 16:47 backupserver.domain.com-dir JobId 0: Fatal error: TLS
> negotiation failed with FD at "backupserver.domain.com:9102".
>
> Is it possible to use self-signed certificates with Bacula?
> What am I doing wrong?
>
> Any help is appreciated.
>
> Thanks
>
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
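
The private-CA approach suggested in the reply, as an added example that is not part of either message: it creates a CA, signs a daemon certificate with it, and uses `openssl verify` to show that the CA-signed certificate validates while a self-signed one checked against that CA fails with the error 18 quoted above. The host name, CA name and file names are constructed.

```shell
#!/bin/sh
# Added example; CN, CA name and file names are constructed, not from the thread.
CN="backupserver.example.com"

make_pki() {   # $1 = output directory
    d=$1
    # 1. Private CA: key plus self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Backup CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 2. Daemon key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$CN" \
        -keyout "$d/daemon.key" -out "$d/daemon.csr" 2>/dev/null || return 1
    # 3. The CA signs the request. In Bacula terms: ca.crt is the
    #    "TLS CA Certificate File", daemon.crt the "TLS Certificate",
    #    daemon.key the "TLS Key".
    openssl x509 -req -in "$d/daemon.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/daemon.crt" 2>/dev/null || return 1
    # 4. A self-signed certificate for the same name, for comparison.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$CN" \
        -keyout "$d/selfsigned.key" -out "$d/selfsigned.crt" 2>/dev/null
}

check_cert() {  # $1 = CA file, $2 = certificate; prints "ok" or the error number
    out=$(openssl verify -CAfile "$1" "$2" 2>&1)
    case "$out" in
        *": OK"*) echo ok ;;
        *) echo "$out" | sed -n 's/.*error \([0-9]*\) at.*/\1/p' | head -n 1 ;;
    esac
}

dir=$(mktemp -d) && make_pki "$dir" || exit 1
echo "CA-signed daemon certificate:    $(check_cert "$dir/ca.crt" "$dir/daemon.crt")"
echo "self-signed, checked against CA: $(check_cert "$dir/ca.crt" "$dir/selfsigned.crt")"
```

Running the same `openssl verify -CAfile ... ...` check against the files named in `bacula-dir.conf` and `bacula-fd.conf` shows whether the configured CA file actually validates the configured certificate before the daemons are restarted.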