On Tue, 9 Apr 2013 14:07:03 +0200 (CEST) loo...@gmx.li wrote: [...] > Then I do a successfully backup job to a Debian Squeeze client > (Bacula version 5.0.2-2.2 und OpenSSL version 0.9.8o-4). > But the second backup job to a Debian Wheezy client (Bacula version > 5.2.6+dfsg-8 und OpenSSL version 1.0.1e-2) fails with following > message:
> 09-Apr 13:23 baculaclient JobId 690: Error: openssl.c:86 Connect > failure: ERR=error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > 09-Apr 13:23 bacula-sd JobId 690: Error: openssl.c:86 Connect failure: > ERR=error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca ^^^ This. The client presents the SD a certificate signed by a CA the SD does not trust. So I would first run something like $ openssl x509 -noout -text -in client-cert.pem on both your clients and see if they are really signed by the same CA -- look for "X509v3 Authority Key Identifier" in the output. I, for one, can think of other reasons for this scenario but we need more information on your PKI setup to do educated guesses. ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
