Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Data Encryption

2009-02-11 23:05:45
Subject: Re: [Bacula-users] Data Encryption
From: Bill Merriam <lists AT billmerriam DOT com>
To: Vincent J <kool1j AT netzero DOT com>
Date: Wed, 11 Feb 2009 23:02:29 -0500 
Vincent J wrote:
>       
>
> Hi All,
>
> Need some help with the Data Encryption of a Windows client FD.  I've been
> looking 
> through the list of archive emails of bacula-users list for some references
> as well as 
> suggestions.  Issue: I'm using Win32 2.4.2 version, I've commented out the
> configurations 
> that I use for tls, on all Dir,FD,SD and just inserted the configuration for
> Data 
> Encryption according to the manual.
>
> # "Global" File daemon configuration specifications
> #
> FileDaemon {                            # this is me
>   Name = smallsteps-fd
>   FDport = 9102                # where we listen for the director
>   WorkingDirectory = "C:\\Documents and Settings\\All Users\\Application 
> Data\\Bacula\\Work"
>   Pid Directory = "C:\\Documents and Settings\\All Users\\Application 
> Data\\Bacula\\Work"
>   Maximum Concurrent Jobs = 4
>   #TLS Enable = yes
>   #TLS Require = yes
>   #TLS CA Certificate file = C:/bacula/certs/CA.crt
>   #TLS Certificate = C:/bacula/etc/ssl/xxx/smallsteps-fd.crt  
>   #TLS Key = C:/bacula/etc/ssl/xxx/smallsteps-fd.key.pem  
>
>   PKI Signatures = yes
>   PKI Encryption = yes
>   PKI Keypair = "C:/smallsteps-fd.key.pem"
>   #PKI Master Key = "C:/Bacula/master.crt"
>    
> }
>
> But,when I try to start the bacula service it fails to start, any help would
> be 
> appreciated.  Here's the link that I saw this morning while searching for
> some answers:
>
> http://www.nabble.com/Bacula-Data-Encryption---High-Level-Design-tt622581.html#a622581
>   
These are the commands I execute, on a linux machine, to generate the
client pem's for linux and windows clients.

    openssl genrsa -out $FD.key 2048
    openssl req -batch -new -key $FD.key -x509 -out $FD.cert
    cat $FD.key $FD.cert > $FD.pem

Notice that the pem file contains both public and private keys.  Here
are the commands I use to create the master key.

openssl genrsa -out master.key 2048
openssl req -batch -new -key master.key -x509 -out master.cert

The file on the client, master.cert, contains only the public key.

I haven't tried it but my understanding is you can start the bacula-fd
at a Windows command prompt and see what error messages it produces.

Remember to burn all your keys onto a cdrom and lock it in a safe somewhere.


Bill

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] [Bacula-devel] Feature Request: Implement an 'Volume Append Duration' pool directive, Kevin Keane
Next by Date:  Re: [Bacula-users] Debian/Ubuntu and openssl, Foo
Previous by Thread:  [Bacula-users] Data Encryption, Vincent J
Next by Thread:  [Bacula-users] Bacula went fubar after some weeks, Kevin Keane
Indexes:  [Date] [Thread] [Top] [All Lists]