Bacula-users

Re: [Bacula-users] need help (step by step) for setting up certificates

2011-07-23 20:41:34
From: scar <scar AT drigon DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Sat, 23 Jul 2011 17:38:20 -0700

Ben Walton @ 07/23/2011 02:01 PM:
> Excerpts from scar's message of Sat Jul 23 15:56:53 -0400 2011:
> 
>> i think what is confusing me the most is what to use for CN, but i
>> am generally puzzled as to how to generate the certs properly in
>> general.  i've got TinyCA installed and i created a CA, what's next?
> 
> Generally speaking, the CN field should be the fully qualified
> hostname of your system.  For a case where you're doing dir and sd on
> the same system, you'd have two certs with the same CN value.
> 
> I found the following guide useful in setting up a local CA:
> http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
> 

i've followed this, and now i have created three certificates, one for
the CA, myca.crt, and two for my local computers, home1.crt and
home2.crt.  and then i have the corresponding private keys also.

so i've defined TLS all over the place, and restarted the services, no
errors, and i'm trying to connect with bconsole from home1 to verify all
the daemons can communicate.  i get this error:

Connecting to Director home1.local:9101
Failed to initialize TLS context for Director "home1-dir".

this is what i have in home1.bacula-dir.conf:

Director {
  Name = home1-dir
  DirAddress = home1.local
  ...
  TLS Enable = yes
  TLS Require = yes
  TLS Verify Peer = yes
  TLS CA Certificate File = /etc/bacula/myca.crt
  TLS Certificate = /etc/bacula/home1.crt
  TLS Key = /etc/bacula/home1.key
}

and this is what i put in home1.bconsole.conf:

Director {
  Name = home1-dir
  Address = home1.local
  ...
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/myca.crt
  TLS Certificate = /etc/bacula/home1.crt
  TLS Key = /etc/bacula/home1.key
}

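A preflight check for the TLS file directives shown in the two Director resources above, as an added example that is not part of the original post or of Bacula's own code. It assumes the referenced files are PEM encoded and reports only conditions that can keep a TLS library from loading them; the function names are hypothetical and the checks are not a diagnosis of the error quoted above.

```python
import os
import re
import stat

def norm(name):
    # Bacula directive names ignore case and spaces.
    return "".join(name.lower().split())

# TLS file directives from the post -> PEM label expected in that file.
TLS_FILES = {norm("TLS CA Certificate File"): "CERTIFICATE",
             norm("TLS Certificate"): "CERTIFICATE",
             norm("TLS Key"): "PRIVATE KEY"}

def tls_directives(conf_text, resource="Director"):
    """Return {directive: path} for TLS file directives in the first resource block."""
    block = re.search(r"^\s*%s\s*\{(.*?)^\s*\}" % re.escape(resource),
                      conf_text, re.S | re.M)
    found = {}
    for line in (block.group(1).splitlines() if block else []):
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep and norm(name) in TLS_FILES:
            found[norm(name)] = value.strip().strip('"')
    return found

def check_file(directive, path):
    """List conditions that keep a TLS library from loading path (assumed checks)."""
    if not os.path.isfile(path):
        return ["%s: %s does not exist" % (directive, path)]
    if not os.access(path, os.R_OK):
        return ["%s: %s not readable by uid %d" % (directive, path, os.getuid())]
    with open(path, errors="replace") as fh:
        pem = fh.read()
    label, problems = TLS_FILES[directive], []
    # A CSR ("CERTIFICATE REQUEST") or a key in a certificate slot fails here.
    if not re.search(r"-----BEGIN [A-Z ]*%s-----" % label, pem):
        problems.append("%s: %s has no PEM %s block" % (directive, path, label))
    if label == "PRIVATE KEY":
        if "ENCRYPTED" in pem:
            problems.append("%s: %s is passphrase-protected" % (directive, path))
        if os.stat(path).st_mode & stat.S_IRWXO:
            problems.append("%s: %s is open to other users" % (directive, path))
    return problems

def preflight(conf_text, resource="Director"):
    """Run check_file over every TLS file directive found in the resource."""
    problems = []
    for directive, path in tls_directives(conf_text, resource).items():
        problems += check_file(directive, path)
    return problems
```

Pass `preflight` the text of the configuration file and run it as the same user that starts the program being checked, since readability of the key file depends on who opens it.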

