[Bacula-users] Data Encryption - subjectKeyIdentifier extension?
2011-11-16 17:48:04
Hi list,
after I set up TLS successfully, I tried to get data encryption running.
I started with the official documentation:
http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html
ldd `which bacula-fd` shows:
...
libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00673000)
libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00c6f000)
...
So, I made the master.cert and the pem file for the client (on the
bacula server) and set the following in the FileDaemon stanza of the
bacula-fd.conf:
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bacula/certs/PKI/my-fd.pem" # Public and Private Keys
PKI Master Key = "/etc/bacula/certs/PKI/master.cert" # ONLY the Public Key
Starting the bacula-fd gives me:
* Starting Bacula File daemon...
16-Nov 17:49 my-fd JobId 0: Error: crypto.c:462 Provided
certificate does not include the required subjectKeyIdentifier
extension.16-Nov 17:49 my-fd: Fatal Error at filed.c:415 because:
Failed to load public certificate for File daemon "my-fd"
in /etc/bacula/bacula-fd.conf. 16-Nov 17:49 d830-fd: ERROR in
filed.c:221 Bitte die Konfigurationsdatei
korrigieren: /etc/bacula/bacula-fd.conf *** glibc detected
*** /usr/sbin/bacula-fd: double free or corruption (fasttop):
0x0908d1b8 ***
Then there follows a backtrace which ends with Kaboom!
Neither there was anything useful (in terms of setting a
subjectKeyIdentifier extension) to be found, nor a better
bacula-PKI-howto.
Could someone give me a hint?
Thanks and greetings,
Oliver
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Bacula-users] Data Encryption - subjectKeyIdentifier extension?,
Oliver Hoffmann <=
|
|
|