[Bacula-users] how to configure tls for SD to remote FD

Hello,

I’m in need of some help with configuring tls encryption.

I’ve already read the manual but it isn’t very clear.

I have the following setup:

Director + Storage on the backup server

File daemon on a remote machine

and I need to encrypt traffic from the File daemon to the Storage daemon and eventually from the Director to the File daemon.

I will be signing my own certificates (so will not be using any other CA out there).

Note that I do not have FQDNs.

In my endeavor I encountered the following error:

Fatal error: Failed to authenticate Storage daemon.

Fatal error: Bad response to Storage command: wanted 2000 OK storage, got 2902 Bad storage

so it would be best to start from scratch.

1. Where do I need to place the TLS related syntax?

2. When creating certificates I used the method described in http://openvpn.net/index.php/open-source/documentation/howto.html#pki and have the following: the CA.crt (which will be the

same on both machines), the BackupDirector’s .crt and .key (which should stay on the backup server) and the remote FileDaemon’s .crt and .key (which will be on the remote FD). It is not clear to me how these relate. Also I read that the Common Name should be a FQDN that points to the remote FD.

This is again unclear to me, because I encounter 3 Common Name inputs along the way: when creating CA, the server’s key and the remote machine’s key.

Please help. Thank you.

Alex F

------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users