Re: [Bacula-users] TLS Question
2008-08-18 16:18:19
On Aug 18, 2008, at 8:15 AM, Dan Langille wrote:
That's not what I said. A server needs a server certificate; a client
*may* need a client certificate. The director needs both, because
it acts
both as a server (accepting bconsole connections) and as a client
(connecting
and authenticating to the FDs and to the SDs). The FDs also act
both as
servers (accepting director connections) and clients (connecting to
the
SDs) but they authenticate to the SD through a mechanism that doesn't
require them to present a client certificate.
Are you sure that the Director needs both a client and a server
certificate? My Director has only one. A server certificate.
And, FWIW, I use only Server certificates for my TLS. I use them on
the
SD, the FD, and the Director. I do not use Client certificates,
AFAIK.
It depends on how you're generating your certificates:
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html
The extended key usage field can be used to specify that a certificate
may be used for client auth, server auth, or both.
-landonf
PGP.sig
Description: This is a digitally signed message part
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Bacula-users] TLS Question, (continued)
- Re: [Bacula-users] TLS Question, Franky Almonte
- Re: [Bacula-users] TLS Question, Sergio Gelato
- Re: [Bacula-users] TLS Question, Franky Almonte
- Re: [Bacula-users] TLS Question, Sergio Gelato
- Re: [Bacula-users] TLS Question, Dan Langille
- Re: [Bacula-users] TLS Question, Franky Almonte
- Re: [Bacula-users] TLS Question, Dan Langille
- Re: [Bacula-users] TLS Question, Franky Almonte
- Re: [Bacula-users] TLS Question, Dan Langille
- Re: [Bacula-users] TLS Question, Franky Almonte
- Re: [Bacula-users] TLS Question,
Landon Fuller <=
- Re: [Bacula-users] TLS Question, Sergio Gelato
|
|
|