Bacula-users

Re: [Bacula-users] TLS Question

2008-08-18 16:18:19
Subject: Re: [Bacula-users] TLS Question
From: Landon Fuller <landonf AT bikemonkey DOT org>
To: Dan Langille <dan AT langille DOT org>
Date: Mon, 18 Aug 2008 13:18:12 -0700

On Aug 18, 2008, at 8:15 AM, Dan Langille wrote:

> > That's not what I said. A server needs a server certificate; a client
> > *may* need a client certificate. The director needs both, because it
> > acts both as a server (accepting bconsole connections) and as a client
> > (connecting and authenticating to the FDs and to the SDs). The FDs also
> > act both as servers (accepting director connections) and clients
> > (connecting to the SDs) but they authenticate to the SD through a
> > mechanism that doesn't require them to present a client certificate.
>
> Are you sure that the Director needs both a client and a server
> certificate?  My Director has only one. A server certificate.
>
> And, FWIW, I use only Server certificates for my TLS. I use them on the
> SD, the FD, and the Director. I do not use Client certificates, AFAIK.

It depends on how you're generating your certificates:
        http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html

The extended key usage field can be used to specify that a certificate may be used for client auth, server auth, or both.

-landonf

Attachment: PGP.sig
Description: This is a digitally signed message part
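
Added example (not part of the original message and not Bacula code): a small model of the extended key usage point above, applied to the daemon roles described in this thread. It assumes a verifier that enforces EKU strictly and treats anyExtendedKeyUsage as permitting every purpose; the function names and sample deployments are hypothetical.

```python
# Added illustration: models the extendedKeyUsage (EKU) rule from RFC 5280
# against the daemon roles described in this thread. Names are hypothetical.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth
ANY_EKU = "2.5.29.37.0"             # anyExtendedKeyUsage

# (daemon, purpose needed, peer) for every connection in which the daemon
# presents a certificate, as described in the thread. The FD -> SD client leg
# is omitted because the FD presents no client certificate there.
PRESENTED = [
    ("director", SERVER_AUTH, "bconsole"),
    ("director", CLIENT_AUTH, "fd"),
    ("director", CLIENT_AUTH, "sd"),
    ("fd", SERVER_AUTH, "director"),
    ("sd", SERVER_AUTH, "director"),
    ("sd", SERVER_AUTH, "fd"),
]

def eku_permits(eku, purpose):
    """eku is None when the extension is absent, else a set of OID strings."""
    if eku is None:          # no EKU extension: usage is not restricted by it
        return True
    # Assumption: anyExtendedKeyUsage is accepted; some verifiers are stricter.
    return purpose in eku or ANY_EKU in eku

def audit(certs):
    """Return (daemon, role, peer) for each leg a strict EKU check rejects."""
    names = {SERVER_AUTH: "server", CLIENT_AUTH: "client"}
    return [(d, names[p], peer) for d, p, peer in PRESENTED
            if not eku_permits(certs[d], p)]

# Constructed sample deployments (not taken from a real site).
NO_EKU = {"director": None, "fd": None, "sd": None}
SERVER_ONLY = {d: {SERVER_AUTH} for d in ("director", "fd", "sd")}
DUAL_DIRECTOR = dict(SERVER_ONLY, director={SERVER_AUTH, CLIENT_AUTH})

if __name__ == "__main__":
    for label, certs in [("no EKU", NO_EKU), ("serverAuth only", SERVER_ONLY),
                         ("director dual-use", DUAL_DIRECTOR)]:
        print(label, "->", audit(certs) or "all legs pass")
```

A single certificate per daemon passes every leg when it carries no EKU extension or lists both purposes; only a serverAuth-only Director certificate is rejected, on its client legs to the FD and SD.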
