[Bacula-users] TLS FD Errors

Tue, 07 Jun 2011 09:41:45 -0700 

I'm trying to get TLS working between my Bacula Director and the FD. 
I have it working locally between the Director and the SD, but when I
try to connect to a remote FD it wont authenticate. In my FD logs I get
openssl.c:85-0 jcr=0 Connect failure: ERR=error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

We are using all locally generated Certs and they are all signed by a
CA key that we distribute out to the work.

Here is my config, did I miss something?


Director {
  Name = example-dir
  Password = "XXXX"
  TLS Enable = yes
  TLS Require = Yes
  TLS Verify Peer = Yes
  TLS CA Certificate File = /etc/bacula/ssl/bacula_ca.crt
  TLS Certificate = /etc/bacula/ssl/bacula_fd.example.com.pem
  TLS Key = /etc/bacula/ssl/bacula_fd.example.com.key
}

#
# Restricted Director, used by tray-codestorm to get the
#   status of the file daemon
#
Director {
  Name = example-mon
  Password = "XXXX"
  Monitor = yes
}


#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = example-fd
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run/bacula
  Maximum Concurrent Jobs = 20
  FDport = 9102                  # where we listen for the director
  FDaddress = ns1.hubzero.org
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/ssl/bacula_ca.crt
  TLS Certificate = /etc/bacula/ssl/bacula_fd.example.com.pem
  TLS Key = /etc/bacula/ssl/bacula_fd.example.com.key
 
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = hubzero-dir = all, !skipped, !restored
}




-- 
Craig Van Tassle
HUBzero.org
System Administrator
YONG 1006
Desk Phone : (765)496-6413

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to