Re: [Bacula-users] need help (step by step) for setting up certificates
2011-07-24 00:16:31
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mike Hobbs @ 07/23/2011 06:32 PM:
> On 7/23/2011 8:38 PM, scar wrote:
>> this is what i have in home1.bacula-dir.conf:
>>
>> Director {
>> Name = home1-dir
>> DirAddress = home1.local
>> ...
>> TLS Enable = yes
>> TLS Require = yes
>> TLS Verify Peer = yes
>> TLS CA Certificate File = /etc/bacula/myca.crt
>> TLS Certificate = /etc/bacula/home1.crt
>> TLS Key = /etc/bacula/home1.key
>> }
>
> I also have this in my dir.conf file, I do not know if this is what's
> causing your issue, but your other TLS settings look correct.
>
>
> TLS Allowed CN = "your_backupserver_hostname"
>
so i tried adding `TLS Allowed CN = "home1"` and still get the same
error. however, i tried using the `-d 99` switch for bconsole and it
reveals something helpful:
bconsole: openssl.c:85-0 jcr=0 Error loading private key:
ERR=error:0200100D:system library:fopen:Permission denied
i tried running bconsole as root so it could read the private key.
is that necessary? if not then can i comment out the `TLS Key`
directive from bconsole.conf? either way it's still not working:
$ sudo bconsole -d 99
Connecting to Director home1.local:9101
bconsole: cram-md5.c:152-0 sending resp to challenge: qW/X+AiA
bconsole: cram-md5.c:80-0 send: auth cram-md5
<903158708.1311480543@bconsole> ssl=2
bconsole: cram-md5.c:99-0 Authenticate OK u/ASoD+X/V+9+0FD
TLS negotiation failed
Director authorization problem.
Most likely the passwords do not agree.
If you are using TLS, there may have been a certificate validation error
during the TLS handshake.
Please see
http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000
for help.
unfortunately that URL is broken.
-----BEGIN PGP SIGNATURE-----
iEYEAREIAAYFAk4rm60ACgkQXhfCJNu98qDZEgCcCeUaQ/goqDo99447q398MR52
AJgAoLbhNOkE0w7SurzYawgt67Nw7stD
=o50q
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
|
|