Bacula-users

Re: [Bacula-users] how to configure tls for SD to remote FD

2010-02-11 15:51:30
Subject: Re: [Bacula-users] how to configure tls for SD to remote FD
From: "Alex Florescu" <alex AT acasa DOT ro>
To: <bacula-users AT lists.sourceforge DOT net>
Date: Thu, 11 Feb 2010 22:48:41 +0200
Hi again,
After RTFM’ing for the past hours, I have been able to do the following:
- become a CA;
- create a .key and sign a .crt for the backup server (where the Director and SD are);
- create a .key and sign a .crt for the remote client (where the FD is).
 
I have followed the instructions in http://bacula.org/5.0.x-manuals/en/main/main/Bacula_TLS_Communications.html
but it is very unclear which .cert and .key is which. 
In what config do I point to the client’s certificates and in what config do I point to the server’s certificates?
Remember, I need to encrypt traffic from the SD to FD and eventually from DIR to FD.
 
Just point me to the right way to configure the DIR, SD and FD.
Thank you,
 
Alex F.
 
 
>Hello,
> 
>I'm in need of some help with configuring tls encryption.
> 
>I've already read the manual but it isn't very clear.
> 
>I have the following setup:
>                Director + Storage on the backup server
>                File daemon on a remote machine
>and I need to encrypt traffic from the File daemon to the Storage
>daemon and eventually from the Director to the File daemon.
> 
>I will be signing my own certificates (so will not be using any other CA out
>there). Note that I do not have FQDNs.
> 
>In my endeavor I encountered the following error:
>Fatal error: Failed to authenticate Storage daemon.
>Fatal error: Bad response to Storage command: wanted 2000 OK storage, got
>2902 Bad storage
>so it would be best to start from scratch.
> 
>1. Where do I need to place the TLS related syntax?
> 
>2. When creating certificates I used the method described in
>http://openvpn.net/index.php/open-source/documentation/howto.html#pki
>and have the following: the CA.crt (which will be the same on both machines),
>the BackupDirector's .crt and .key (which should stay on the backup server) and the
>remote FileDaemon's .crt and .key (which will be on the remote FD). 
>It is not clear to me how these relate. Also I read that the Common Name should be a
>FQDN that points to the remote FD.
>This is again unclear to me, because I encounter 3 Common Name inputs along
>the way: when creating CA, the server's key and the remote machine's key.
> 
>Please help. Thank you.
> 
>Alex F

 
