>>>>> On Wed, 18 Nov 2015 16:17:20 -0700, Devin Reade said: > > My alerting system tells me that I have some file daemons that have been > merrily encrypting their data for quite a while. In particular, the > expiry dates for the data encryption x509 certs are coming up soon. > > Well, this brings up an interesting question that I'd not really > considered in depth: Given that you can only specify two keys > in the bacula-fd.conf file, what is the best strategy during key > rollover? That is, that time period after making a new client > keypair available, and the retention time of the backups that were > made with the old keypair?
Does Bacula ever check for expired certs? I suspect not, so the question about rollover strategy is a moot one. __Martin ------------------------------------------------------------------------------ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
