Hello,
I’m in need of some help with configuring TLS encryption. I’ve already read the manual but it isn’t very clear.
I have the following setup: Director + Storage on the backup server, File daemon on a remote machine, and I need to encrypt traffic from the File daemon to the Storage daemon and eventually from the Director to the File daemon.
I will be signing my own certificates (so will not be using any other CA out there). Note that I do not have FQDNs.
In my endeavor I encountered the following error:
Fatal error: Failed to authenticate Storage daemon.
Fatal error: Bad response to Storage command: wanted 2000 OK storage, got 2902 Bad storage
so it would be best to start from scratch.
1. Where do I need to place the TLS related syntax?
2. When creating certificates I used the method described in http://openvpn.net/index.php/open-source/documentation/howto.html#pki and have the following: the CA.crt (which will be the same on both machines), the BackupDirector’s .crt and .key (which should stay on the backup server) and the remote FileDaemon’s .crt and .key (which will be on the remote FD). It is not clear to me how these relate. Also I read that the Common Name should be a FQDN that points to the remote FD. This is again unclear to me, because I encounter 3 Common Name inputs along the way: when creating CA, the server’s key and the remote machine’s key.
Please help. Thank you.
Alex F