Bacula-users

Re: [Bacula-users] need help (step by step) for setting up certificates

2011-07-24 00:16:31
Subject: Re: [Bacula-users] need help (step by step) for setting up certificates
From: scar <scar AT drigon DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Sat, 23 Jul 2011 21:12:30 -0700
Mike Hobbs @ 07/23/2011 06:32 PM:
> On 7/23/2011 8:38 PM, scar wrote:
>> this is what i have in home1.bacula-dir.conf:
>>
>> Director {
>>    Name = home1-dir
>>    DirAddress = home1.local
>>    ...
>>    TLS Enable = yes
>>    TLS Require = yes
>>    TLS Verify Peer = yes
>>    TLS CA Certificate File = /etc/bacula/myca.crt
>>    TLS Certificate = /etc/bacula/home1.crt
>>    TLS Key = /etc/bacula/home1.key
>> }
> 
> I also have this in my dir.conf file, I do not know if this is what's 
> causing your issue, but your other TLS settings look correct.
> 
> 
> TLS Allowed CN = "your_backupserver_hostname"
> 

so i tried adding `TLS Allowed CN = "home1"` and still get the same
error.  however, i tried using the `-d 99` switch for bconsole and it
reveals something helpful:

bconsole: openssl.c:85-0 jcr=0 Error loading private key:
ERR=error:0200100D:system library:fopen:Permission denied

i tried running bconsole as root so it could read the private key.
is that necessary?  if not then can i comment out the `TLS Key`
directive from bconsole.conf?  either way it's still not working:

$ sudo bconsole -d 99
Connecting to Director home1.local:9101
bconsole: cram-md5.c:152-0 sending resp to challenge: qW/X+AiA
bconsole: cram-md5.c:80-0 send: auth cram-md5
<903158708.1311480543@bconsole> ssl=2
bconsole: cram-md5.c:99-0 Authenticate OK u/ASoD+X/V+9+0FD
TLS negotiation failed
Director authorization problem.
Most likely the passwords do not agree.
If you are using TLS, there may have been a certificate validation error
during the TLS handshake.
Please see
http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000
for help.


unfortunately that URL is broken.

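The `fopen: Permission denied` reported above while loading the private key is a file-permission question about whichever account runs bconsole. The following is an added example, not part of the original message and not Bacula code: it pulls the file-valued TLS directives out of a Bacula config and reports, for a given uid, which files are missing, unreadable, or (for `TLS Key`) accessible to every user. The function names are hypothetical, the sample files are constructed, and only classic owner/group/other mode bits are checked (no ACLs or directory permissions).

```python
import os
import re
import stat
import tempfile

# File-valued TLS directives from the configuration quoted above.
# Bacula ignores case and spaces in keywords, so compare in normalized form.
TLS_FILE_KEYS = {"tlscacertificatefile": "TLS CA Certificate File",
                 "tlscertificate": "TLS Certificate",
                 "tlskey": "TLS Key"}
DIRECTIVE = re.compile(
    r'^[ \t]*([A-Za-z \t]+?)[ \t]*=[ \t]*"?([^"#\n]+?)"?[ \t]*(?:#.*)?$', re.M)

def tls_files(conf_text):
    """Yield (directive, path) for each TLS file directive in a Bacula config."""
    for name, value in DIRECTIVE.findall(conf_text):
        key = "".join(name.split()).lower()
        if key in TLS_FILE_KEYS:
            yield TLS_FILE_KEYS[key], value

def can_read(st, uid, gids):
    """Owner/group/other read check from mode bits; uid 0 bypasses it."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit(conf_text, uid, gids):
    """Return [(directive, path, status)] as seen by the account uid/gids."""
    findings = []
    for directive, path in tls_files(conf_text):
        try:
            st = os.stat(path)
        except OSError:
            status = "missing"
        else:
            if not can_read(st, uid, gids):
                status = "unreadable"
            elif directive == "TLS Key" and st.st_mode & stat.S_IRWXO:
                status = "key world-accessible"
            else:
                status = "ok"
        findings.append((directive, path, status))
    return findings

if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed sample files, not real keys
    for name, mode in (("home1.key", 0o600), ("home1.crt", 0o644)):
        os.chmod(open(os.path.join(d, name), "w").name, mode)
    conf = f"TLS Certificate = {d}/home1.crt\nTLS Key = {d}/home1.key\n"
    for uid in (os.getuid(), os.getuid() + 1):  # owner vs. another account
        print(uid, audit(conf, uid, set()))
```
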

