I was under the impression that bacula 15 came with TLS encryption enabled and set up by default.
Can't help much with configuration. Does this link help? It mentions unsupported purpose errors. https://dan.langille.org/2021/06/17/openvpn-unsupported-certificate-purpose/ Robert Gerber 402-237-8692 r...@craeon.net On Thu, Jun 5, 2025, 11:21 AM Richard Laysell <mlbac...@xiphosura.co.uk> wrote: > > Hello, > > I'm running Bacula 15.0.3 on Linux x64. > > I'm trying to get TLS working between director and client. I have > created my own CA and have created cerficates for the director and > client. However, the client certificate is always rejected by Bacula > with either > > ERR=26:unsuitable certificate purpose > > or > > ERR=error:0A000413:SSL routines::sslv3 alert unsupported certificate > > Here is my client configuration for the Director > Client > { > Name = client1-fd > Address = client1.example.com > FDPort = 9102 > Catalog = MyCatalog > Password = "mypassword" > Maximum Concurrent Jobs = 20 > File Retention = 12 months > Job Retention = 12 months > TLS Enable = yes > TLS Require = yes > TLS Authenticate = yes > TLS CA Certificate File = /opt/bacula/ssl/example-ca.crt > TLS Certificate = /opt/bacula/ssl/bacdir.example.com.crt > TLS Key = /opt/bacula/ssl/bacdir.example.com.key > } > > Here is my file daemon configuration for the client > Director { > Name = bacdir-dir > Password = "mypassword" > Address = bacdir.example.com > TLS Enable = yes > TLS Require = yes > TLS Verify Peer = yes > TLS Authenticate = yes > TLS Allowed CN = client1.example.com > TLS CA Certificate File = /etc/ssl/example-ca.crt > TLS Certificate = /etc/ssl/client1.example.com.crt > TLS Key = /etc/ssl/private/client1.example.com.key > } > > Does this configuration look correct? Bacula doesn't complain about > the configuration so I think it is OK. > > What I don't understand is how to create a working client certificate > that Bacula will accept. > > I have tried using both easyrsa and ssl-admin to create certificates. > > I have followed Dan Langille's advice on this page > > https://dan.langille.org/2019/11/29/ssl-client-vs-server-certificates-and-bacula-fd/ > But, this does not seem to work any more (using ssl-admin and creating > a client certificate using option 4 results in 'ERR=26:unsuitable > certificate purpose') > > Any advice would be most welcome. > > Regards, > > Richard > > > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users >
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
