Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] Bacula-5.0.1 with self-signed certificates

2010-03-15 21:12:03
Subject: [Bacula-users] Bacula-5.0.1 with self-signed certificates
From: Lamp Zy <lampzy AT gmail DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 15 Mar 2010 18:08:26 -0700 
I have bacula-5.0.1 compiled with openssl support and installed on 
CentOS5.4(32bit).

All bacula daemons run on the same server - director, storage and file 
daemon. I can successfully backup local files and directories.

The problem is when I try to setup tls encryption (at some point I'll 
backup systems over the network). The error I'm getting is:
   ERR=18:self signed certificate

In bacula-dir.conf:
----
Client {
   Name = backupserver.domain.com-fd
   Address = backupserver.domain.com
   ...
   # Request encrypted communication with the client
   TLS Enable = yes
   TLS Require = yes
   TLS CA Certificate File = /etc/pki/tls/certs/cert.pem
   TLS Certificate = /etc/pki/tls/certs/backupserver.domain.com.crt
   TLS Key = /etc/pki/tls/certs/backupserver.domain.com.key
}

In bacula-fd.conf:
----
Director {
   Name = backupserver.domain.com-dir
   ...
   # Request encrypted communication with the server
   TLS Enable = yes
   TLS Require = yes
   TLS Verify Peer = yes
   TLS Allowed CN = "backupserver.domain.com"
   TLS CA Certificate File = /etc/pki/tls/certs/cert.pem
   TLS Certificate = /etc/pki/tls/certs/backupserver.domain.com.crt
   TLS Key = /etc/pki/tls/certs/backupserver.domain.com.key
}

Here is the full message on the console:
----
15-Mar 16:47 backupserver.domain.com-dir JobId 0: Error: tls.c:92 Error 
with certificate at depth: 0, issuer = /C=US/ST=California/L=San 
Diego/O=MyORG/OU=DEP/CN=backupserver.domain.com/emailAddress=someemail@address, 
subject = /C=US/ST=California/L=San 
Diego/O=UCSD/OU=CSE/CN=backupserver.domain.com/emailAddress=someemail@address, 
ERR=18:self signed certificate
15-Mar 16:47 backupserver.domain.com-dir JobId 0: Fatal error: TLS 
negotiation failed with FD at "backupserver.domain.com:9102".

Is it possible to use self-signed certificates with Bacula?
What am I doing wrong?

Any help is appreciated.

Thanks

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] different clients different volumes - please advise, John Drescher
Next by Date:  [Bacula-users] different clients different volumes - please advise, hellonewman
Previous by Thread:  [Bacula-users] Bacula 3.0.2 and Windows 2003 Server connection problem, daveb93
Next by Thread:  Re: [Bacula-users] Bacula-5.0.1 with self-signed certificates, user100
Indexes:  [Date] [Thread] [Top] [All Lists]